Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
releases:17.01:notes-17.01.4 [2017/10/18 09:46] – [Highlights In LEDE 17.01.4] stintelreleases:17.01:notes-17.01.4 [2018/02/17 16:18] – ↷ Links adapted because of a move operation
Line 1: Line 1:
-====== LEDE 17.01.4 - Fourth Service Release - October 2017 (WIP) ======+====== LEDE 17.01.4 - Fourth Service Release - October 2017 ======
  
 <code> <code>
Line 30: Line 30:
   * Linux kernel updated to version 4.4.92 (from 4.4.89 in v17.01.3)   * Linux kernel updated to version 4.4.92 (from 4.4.89 in v17.01.3)
   * [[releases:17.01:changelog-17.01.4#security_fixes|Security fixes]] to //brcmfmac//, //hostapd//, //mac80211//, //toolchain/gdb// and the //Linux kernel//   * [[releases:17.01:changelog-17.01.4#security_fixes|Security fixes]] to //brcmfmac//, //hostapd//, //mac80211//, //toolchain/gdb// and the //Linux kernel//
 +  * Introduce latest version of the Wireguard VPN software (0.0.20171017)
 +  * Fix Xen support in the x86/generic subtarget, add Xen support in the x86/64 subtarget
   * Assorted platform fixes for //ar71xx//, //bcm53xx//, //ramips// and //x86//   * Assorted platform fixes for //ar71xx//, //bcm53xx//, //ramips// and //x86//
  
-While this release includes fixes for the [[https://www.krackattacks.com/|bugs in the WPA Protocol disclosed earlier this week]], these fixes do not fix the problem on the client-side. You still need to update **all** your client devices. As some client devices might never receive an update, an [[docs:user-guide:wifi_configuration#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] was introduced in hostapd to complicate these attacksslowing them down. Please note that this does not fully protect you from them, especially when running older versions of wpa_supplicant vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default.+===About the KRACK attack===  
 + 
 +While the LEDE 17.01.4 release includes fixes for the [[https://www.krackattacks.com/|KRACK bugs in the WPA Protocol disclosed earlier this week]] in the router firmware, these fixes do not fix the problem on the client-side.  
 +**You still need to update all your client devices - computers, phones, tablets, cameras, refrigerators, thermostats, light bulbs, and any other device using Wi-Fi.**  
 +Since some client devices might never receive an update, //hostapd// contains an [[docs:user-guide:wifi:start#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] to complicate these attacksslowing them down. Please note that this does not fully protect you from them, especially when running older versions of //wpa_supplicant// vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default.
  
 Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE. Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE.
 +
 +For a detailed list of changes since 17.01.3 refer to https://lede-project.org/releases/17.01/changelog-17.01.4
  
 As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters. As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.
  • Last modified: 2018/03/03 20:20
  • by 192.0.170.247