OpenWrt v18.06.1 Changelog
This changelog lists all commits done in OpenWrt since the v18.06.0 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 18.06.1 release.
Build System / Buildroot (3 changes)
5f23d0f
include/feeds.mk: fix distfeeds.conf without per-feed repos (+1,-1)
e3ab280
kernel: remove linux 3.18 support (+1,-41.4K)
4017c52
kernel: remove linux 4.4 support (+1,-42.1K)
Build System / Host Utilities (2 changes)
c448f79
tools: m4: fix compilation with glibc 2.28 (+118)
9866622
tools: findutils: fix compilation with glibc 2.28 (+104)
Build System / SDK (2 changes)
4f30825
sdk: bundle usbip userspace sources (+4)
2589f85
sdk: include arch/arm/ Linux includes along with arch/arm64/ ones (+7,-1)
Kernel (23 changes)
20c64da
kernel: re-add patch for AT8032 Ethernet PHY (+81,-11)
d700eb1
kernel: remove duplicate #define's in at803x Ethernet PHY driver (+14,-20)
f766833
Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address (+4,-4)
f8e57f4
kernel: backport mtd patches with Broadcom of_match_table-s (+168,-19)
b5b5f5d
kernel: backport mtd support for subpartitions in DT (+402,-36)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
e3ab280
kernel: remove linux 3.18 support (+1,-41.4K)
4017c52
kernel: remove linux 4.4 support (+1,-42.1K)
1e5bd42
kernel: usb: dwc2 DMA alignment fixes (+176)
d101899
linux: update license tag to use correct SPDX tag (+1,-1)
eb06fa6
kernel: generic: fix problem with w1-gpio-custom (+86)
0990dfc
Revert "kernel: usb: dwc2 DMA alignment fixes" (-176)
ca3174e
kernel: bump 4.9 to 4.9.118 (+19,-18)
16d89ef
kernel: bump 4.14 to 4.14.61 (+4,-4)
fb5f026
kernel: backport upstream fix for CVE-2018-5390 (+76)
ae1ae07
kernel: remove stray 4.4 references (-2)
bd451d4
kernel: add pending e1000e fixes (+331)
9fe68b4
kernel: move e1000e patches to backports ()
e4a5750
kernel: bump 4.9 to 4.9.119 (+18,-109)
67f91df
kernel: bump 4.14 to 4.14.62 (+5,-10)
bfc9a44
kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
033472e
kernel: bump kernel 4.9 to version 4.9.120 (+2,-67)
Packages / Common (15 changes)
93782d5
ca-certificates[18.06]]: remove myself as PKG_MAINTAINER (+1,-1)
7d15f96
iperf: bump to 2.0.12 (+2,-2)
c3df07a
kernel: gpio-nct5104d remove boardname check (-5)
8139438
dropbear: close all active clients on shutdown (+5)
7e03be7
kernel: leds-apu2 remove boardname check (-12)
25cb85a
wwan: Fix teardown for sierra_net driver (+1,-1)
fe90d14
libevent2: Don't build tests and samples (+13)
6603a0c
mbedtls: Deactivate platform abstraction (+9)
69c75f0
mbedtls: cleanup config patch (+32,-40)
0d5a041
mbedtls: Activate the session cache (-9)
ea22e3d
mbedtls: Update to 2.12.0 (+123,-33)
8d903be
curl: Fix CVE-2018-0500 (+33,-1)
2a8d8ad
Revert "libevent2: Don't build tests and samples" (-13)
433c94f
wpa_supplicant: fix CVE-2018-14526 (+48)
e11df1e
openssl: update to version 1.0.2p (+4,-4)
Packages / Firmware (2 changes)
c61f543
firmware: amd64-microcode: update to 20180524 (+2,-2)
aeec1dd
firmware: intel-microcode: bump to 20180703 (+6,-6)
Packages / OpenWrt base files (2 changes)
da9a7a9
basefiles: Reword sysupgrade message (+1,-1)
6a27c2f
base-files: drop fwtool_pre_upgrade (-7)
Packages / OpenWrt network userland (4 changes)
8be3af9
uclient: update to latest git HEAD (+3,-3)
⇒ f2573da
uclient-fetch: use package name pattern in message for missing SSL library (+1,-1)
⇒ 9fd8070
uclient-fetch: Check for nullpointer returned by uclient_get_url_filename (+6)
⇒ f41ff60
uclient-http: basic auth: Handle memory allocation failure (+7,-2)
⇒ a73b23b
uclient-http: auth digest: Handle multiple possible memory allocation failures (+34,-9)
⇒ 66fb58d
uclient-http: Handle memory allocation failure (+3)
⇒ 2ac991b
uclient: Handle memory allocation failure for url (+3)
⇒ 63beea4
uclient-http: Implement error handling for header-sending (+24,-13)
⇒ eb850df
uclient-utils: Handle memory allocation failure for url file name (+1,-1)
⇒ ae1c656
uclient-http: Close ustream file handle only if allocated (+2,-1)
23d4f66
netifd: update to latest git HEAD (+3,-3)
⇒ c1f6a82
system-linux: add autoneg and link-partner output (+6)
⇒ e9eff34
system-linux: extend link mode speed definitions (+22,-6)
⇒ d1251e1
system-linux: adjust bridge isolate mode for upstream attribute naming (+3,-3)
⇒ 03785fb
system-linux: fix build error on older kernels (+2)
⇒ 57f87ad
Introduce new interface event "create" (IFEV_CREATE) (+4)
⇒ 5cf7975
iprule: rework interface based rules to handle dynamic interfaces (+164,-21)
⇒ 60293a7
replace fall throughs in switch/cases where possible with simple code changes (+19,-16)
⇒ b06b011
proto-shell.c: add a explicit "fall through" comment to make the compiler happy (+2,-1)
⇒ 908a9f4
CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags (+1,-1)
⇒ 291ccbb
ubus: display correct prefix size for IPv6 prefix address (+1,-1)
⇒ 263631a
vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name() (+4,-2)
⇒ a2f952d
iprule: fix broken in_dev/out_dev checks (+2,-2)
⇒ b8c1bca
iprule: remove bogus assert calls (-3)
⇒ ca97097
netifd: make sure the vlan ifname fits into the buffer (+3)
⇒ 75ee790
interface-ip: fix eui64 ifaceid generation (FS#1668) (+2,-2)
⇒ a0a1e52
fix compile error (-1)
ea22e3d
mbedtls: Update to 2.12.0 (+123,-33)
1e4b5c8
ustream-ssl: update to version 2018-05-22 (+4,-4)
⇒ e8a1469
mbedtls: Add support for a session cache (+21)
⇒ 5322f9d
mbedtls: Fix setting allowed cipher suites (+12,-15)
Packages / OpenWrt system userland (3 changes)
5742a2b
libubox: fix mirror hash (+1,-1)
508adbd
uci: bump to source date 2018-08-11 (+3,-3)
⇒ 4c8b4d6
delta: fix parsing malformed delta lines (+38)
5eb0553
rpcd: update to latest git HEAD (+3,-3)
⇒ 51980c6
uci: reject invalid section and option names (+74)
⇒ 948bb51
uci: tighten uci add operation error handling (+40,-9)
⇒ c2c612b
uci: tighten uci set operation error handling (+45,-14)
⇒ f91751b
uci: tighten uci delete operation error handling (+33,-10)
⇒ 41333ab
uci: tighten uci reorder operation error handling (+15,-3)
Target / apm821xx (1 change)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
Target / ar7 (1 change)
e3ab280
kernel: remove linux 3.18 support (+1,-41.4K)
Target / ar71xx (3 changes)
20c64da
kernel: re-add patch for AT8032 Ethernet PHY (+81,-11)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
ca3174e
kernel: bump 4.9 to 4.9.118 (+19,-18)
Target / armvirt (1 change)
6c07577
kernel: add missing ARM64_SSBD symbol (+6)
Target / at91 (1 change)
9cc774f
at91: do not build image for at91-q5xr5 (+1,-1)
Target / ath25 (1 change)
1fe7a17
ath25: Do not build images for ubnt2 and ubnt5 (+2,-2)
Target / bcm53xx (5 changes)
f8e57f4
kernel: backport mtd patches with Broadcom of_match_table-s (+168,-19)
9c110b9
bcm53xx: backport DT fix for I2C controller interrupt (+24)
f7e647c
bcm53xx: switch USB 3.0 PHY DT description to use MDIO bus (+459,-1)
5828113
bcm53xx: backport BCM5301X/BCM53573 dts commits from 4.19+ (+475,-104)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
Target / brcm2708 (3 changes)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
be4ab7e
brcm2708: fix w1 patch (+23,-34)
e4a5750
kernel: bump 4.9 to 4.9.119 (+18,-109)
Target / brcm47xx (3 changes)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
5b1c657
brcm47xx: cosmetic fix in model detection (+1,-1)
Target / brcm63xx (3 changes)
b5b5f5d
kernel: backport mtd support for subpartitions in DT (+402,-36)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
Target / cns3xxx (1 change)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
Target / ipq40xx (1 change)
bfc9a44
kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
Target / ixp4xx (1 change)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
Target / lantiq (1 change)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
Target / layerscape (2 changes)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
e4a5750
kernel: bump 4.9 to 4.9.119 (+18,-109)
Target / mediatek (4 changes)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
6c07577
kernel: add missing ARM64_SSBD symbol (+6)
16d89ef
kernel: bump 4.14 to 4.14.61 (+4,-4)
bfc9a44
kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
Target / mvebu (2 changes)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
6c07577
kernel: add missing ARM64_SSBD symbol (+6)
Target / octeontx (1 change)
6c07577
kernel: add missing ARM64_SSBD symbol (+6)
Target / oxnas (1 change)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
Target / ramips (5 changes)
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
f634635
ramips: fix gigabit switch PHY access on MDIO (+2,-1)
b40316c
mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible (+6)
cb043ad
Revert "mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible" (-6)
75e4d2d
ramips: add missing USB packages into ASL26555-16M (+1,-1)
Target / sunxi (3 changes)
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
6c07577
kernel: add missing ARM64_SSBD symbol (+6)
ca3174e
kernel: bump 4.9 to 4.9.118 (+19,-18)
Wireless / Mwlwifi (1 change)
ec1c66f
mwlwifi: update to version 10.3.8.0-20180615 (+13,-4)
⇒ ccdc1ba
Added firmware for 88W8997 (version 8.4.0.11). ()
⇒ f325db2
Added code to support 88W8997. (+718,-187)
⇒ f0d4733
Enlarged minimum head room from 64 to 128. (+7,-1)
⇒ 5bc9659
Fixed problem: ack socket buffer is not correct. (+1,-1)
⇒ 7799b5a
Added code to calculate tx init rate. (+75)
⇒ 9271457
Added code to support mesh. (+137,-2)
⇒ de93530
Corrected channel setting for KF2. (+17,-2)
⇒ deffe2b
Corrected station adding for KF2. (+6,-3)
⇒ 97dbb61
Corrected power setting for KF2. (+101,-22)
⇒ b7a314a
Modified the code to avoid warning from mac80211. (+4,-2)
⇒ cdaeb32
Added code to display channel definition for vif. (+14)
⇒ c61e3a4
Added code to display mesh IEs of mesh vif. (+21,-12)
⇒ 04b3d0d
Added host command set slot time for KF2. (+50)
⇒ c6b4541
Added host command EDMAC control for KF2. (+68)
⇒ 6714fc6
Added extra HW feature for KF2. (+3)
⇒ a6dd207
Removed non-ported features for KF2. (-8)
⇒ + 19 more...
Miscellaneous (2 changes)
888cc05
build: Update README & github help (+22,-17)
5a430bd
build: README punctuation pendantry (+2,-2)
Addressed bugs
#1367
Description: Crash in dwc2_lowlevel_hw_disable when using Huawei E3372
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1367
Commits:
1e5bd42
kernel: usb: dwc2 DMA alignment fixes (+176)
#1541
Description: Invalid Kernel logspam : sit: non-ECT from <various IPs, Invalid IPs>
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1541
Commits:
9e1530b
kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
#1571
Description: netifd does not honor rules when using network.lan.enabled=0|1
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1571
Commits:
5cf7975
iprule: rework interface based rules to handle dynamic interfaces (+164,-21)
#1668
Description: netifd: ip6ifaceid='eui64' broken when type is not bridge
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1668
Commits:
23d4f66
netifd: update to latest git HEAD (+3,-3)
⇒ c1f6a82
system-linux: add autoneg and link-partner output (+6)
⇒ e9eff34
system-linux: extend link mode speed definitions (+22,-6)
⇒ d1251e1
system-linux: adjust bridge isolate mode for upstream attribute naming (+3,-3)
⇒ 03785fb
system-linux: fix build error on older kernels (+2)
⇒ 57f87ad
Introduce new interface event "create" (IFEV_CREATE) (+4)
⇒ 5cf7975
iprule: rework interface based rules to handle dynamic interfaces (+164,-21)
⇒ 60293a7
replace fall throughs in switch/cases where possible with simple code changes (+19,-16)
⇒ b06b011
proto-shell.c: add a explicit "fall through" comment to make the compiler happy (+2,-1)
⇒ 908a9f4
CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags (+1,-1)
⇒ 291ccbb
ubus: display correct prefix size for IPv6 prefix address (+1,-1)
⇒ 263631a
vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name() (+4,-2)
⇒ a2f952d
iprule: fix broken in_dev/out_dev checks (+2,-2)
⇒ b8c1bca
iprule: remove bogus assert calls (-3)
⇒ ca97097
netifd: make sure the vlan ifname fits into the buffer (+3)
⇒ 75ee790
interface-ip: fix eui64 ifaceid generation (FS#1668) (+2,-2)
⇒ a0a1e52
fix compile error (-1)
#1669
Description: Luci Interface Status showing incorrect ipv6 subnet size
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1669
Commits:
291ccbb
ubus: display correct prefix size for IPv6 prefix address (+1,-1)
#1707
Description: libubox PKG_MIRROR_HASH is wrong
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1707
Commits:
5742a2b
libubox: fix mirror hash (+1,-1)
#1725
Description: Wireguard & Wireguard-Tools not built for aarch64_cortex-a53 (raspberry pi 3)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1725
Commits:
2589f85
sdk: include arch/arm/ Linux includes along with arch/arm64/ ones (+7,-1)
Security fixes
CVE-2017-5715
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Commits:
c61f543
firmware: amd64-microcode: update to 20180524 (+2,-2)
CVE-2018-0497
Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
Commits:
ea22e3d
mbedtls: Update to 2.12.0 (+123,-33)
CVE-2018-0498
Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
Commits:
ea22e3d
mbedtls: Update to 2.12.0 (+123,-33)
CVE-2018-0500
Description: Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500
Commits:
8d903be
curl: Fix CVE-2018-0500 (+33,-1)
CVE-2018-0732
Description: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
Commits:
e11df1e
openssl: update to version 1.0.2p (+4,-4)
CVE-2018-0737
Description: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
Commits:
e11df1e
openssl: update to version 1.0.2p (+4,-4)
CVE-2018-3620
Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
Commits:
bfc9a44
kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
033472e
kernel: bump kernel 4.9 to version 4.9.120 (+2,-67)
CVE-2018-3639
Description: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
Commits:
6c07577
kernel: add missing ARM64_SSBD symbol (+6)
aeec1dd
firmware: intel-microcode: bump to 20180703 (+6,-6)
CVE-2018-3640
Description: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
Commits:
aeec1dd
firmware: intel-microcode: bump to 20180703 (+6,-6)
CVE-2018-3646
Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
Commits:
bfc9a44
kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
033472e
kernel: bump kernel 4.9 to version 4.9.120 (+2,-67)
CVE-2018-5390
Description: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390
Commits:
fb5f026
kernel: backport upstream fix for CVE-2018-5390 (+76)
CVE-2018-10876
Description: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10876
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-10877
Description: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10877
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-10879
Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10879
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-10880
Description: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10880
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-10881
Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-10882
Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10882
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-10883
Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883
Commits:
9ce7aa3
kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
CVE-2018-14526
Description: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
Commits:
433c94f
wpa_supplicant: fix CVE-2018-14526 (+48)