| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| releases:17.01:notes-17.01.4 [2017/10/18 09:47] – stintel | releases:17.01:notes-17.01.4 [2018/02/17 16:18] – ↷ Links adapted because of a move operation |
|---|
| * Linux kernel updated to version 4.4.92 (from 4.4.89 in v17.01.3) | * Linux kernel updated to version 4.4.92 (from 4.4.89 in v17.01.3) |
| * [[releases:17.01:changelog-17.01.4#security_fixes|Security fixes]] to //brcmfmac//, //hostapd//, //mac80211//, //toolchain/gdb// and the //Linux kernel// | * [[releases:17.01:changelog-17.01.4#security_fixes|Security fixes]] to //brcmfmac//, //hostapd//, //mac80211//, //toolchain/gdb// and the //Linux kernel// |
| | * Introduce latest version of the Wireguard VPN software (0.0.20171017) |
| | * Fix Xen support in the x86/generic subtarget, add Xen support in the x86/64 subtarget |
| * Assorted platform fixes for //ar71xx//, //bcm53xx//, //ramips// and //x86// | * Assorted platform fixes for //ar71xx//, //bcm53xx//, //ramips// and //x86// |
| |
| While this release includes fixes for the [[https://www.krackattacks.com/|bugs in the WPA Protocol disclosed earlier this week]], these fixes do not fix the problem on the client-side. You still need to update **all** your client devices. As some client devices might never receive an update, an [[docs:user-guide:wifi_configuration#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] was introduced in hostapd to complicate these attacks. slowing them down. Please note that this does not fully protect you from them, especially when running older versions of wpa_supplicant vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default. | ===About the KRACK attack=== |
| | |
| | While the LEDE 17.01.4 release includes fixes for the [[https://www.krackattacks.com/|KRACK bugs in the WPA Protocol disclosed earlier this week]] in the router firmware, these fixes do not fix the problem on the client-side. |
| | **You still need to update all your client devices - computers, phones, tablets, cameras, refrigerators, thermostats, light bulbs, and any other device using Wi-Fi.** |
| | Since some client devices might never receive an update, //hostapd// contains an [[docs:user-guide:wifi:start#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] to complicate these attacks, slowing them down. Please note that this does not fully protect you from them, especially when running older versions of //wpa_supplicant// vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default. |
| |
| Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE. | Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE. |
| | |
| | For a detailed list of changes since 17.01.3 refer to https://lede-project.org/releases/17.01/changelog-17.01.4 |
| |
| As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters. | As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters. |