OpenWrt v18.06.3 Changelog

This changelog lists all commits done in OpenWrt since the v18.06.2 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 18.06.3 release.

4058406 build: Accept BIN_DIR parameter for legacy-images (+2,-2)

400601f tools/libelf: Add mirrors as main site is dead (+3,-2)
aaa3452 tools/pkg-config: pass arguments at the end (+1,-1)
24aefae tools/pkg-config: Handle variable substitution of 'bindir' to redirect to STA... (+1,-1)

1f1f421 kernel: bump 4.9 to 4.9.153 (+20,-20)
026f08a kernel: bump 4.14 to 4.14.96 (+20,-19)
21762fe kernel: bump 4.9 to 4.9.154 (+14,-14)
ef17eda kernel: bump 4.14 to 4.14.97 (+14,-14)
72870cc kernel: bump 4.9 to 4.9.155 (+14,-88)
fbb2186 kernel: bump 4.14 to 4.14.98 (+13,-87)
9fb3710 kernel: bump 4.9 to 4.9.156 (+62,-62)
62feabe kernel: bump 4.14 to 4.14.99 (+28,-28)
d669be4 kernel: bump 4.9 to 4.9.158 (+2,-2)
20f1b7d kernel: bump 4.14 4.14.101 (+2,-2)
e9cb40c kernel: bump 4.9 to 4.9.159 (+9,-532)
1be6ff6 kernel: bump 4.14 to 4.14.102 (+3,-90)
e2ba7a4 kernel: bump 4.9 to 4.9.160 (+14,-14)
9ee8c8d kernel: bump 4.14 to 4.14.103 (+3,-3)
eea5382 kernel: fix refcnt leak in LED netdev trigger on interface rename (+13,-17)
5183df0 kernel: bump 4.9 to 4.9.161 (+36,-36)
810ee3b kernel: bump 4.14 to 4.14.104 (+273,-273)
2b9d2f6 kernel: bump 4.9 to 4.9.162 (+5,-5)
4918fe0 kernel: bump 4.14 to 4.14.105 (+12,-12)
24f3207 kernel: bump 4.9 to 4.9.163 (+6,-6)
0a637c7 kernel: bump 4.14 to 4.14.106 (+19,-19)
dcdf509 kernel: bump 4.9 to 4.9.164 (+11,-11)
6c3ca1d kernel: bump 4.14 to 4.14.107 (+2,-2)
dac25a5 kernel: bump 4.9 to 4.9.165 (+82,-82)
22a3e65 kernel: bump 4.14 to 4.14.108 (+8,-8)
1ff4cd1 kernel: bump 4.9 to 4.9.166 (+5,-5)
ca8b4d6 kernel: bump 4.14 to 4.14.109 (+2,-2)
07bd5b7 kernel: bump 4.9 to 4.9.167 (+6,-6)
dad220a kernel: bump 4.14 to 4.14.110 (+3,-3)
aa0e6fc kernel: bump 4.9 to 4.9.168 (+8,-8)
6c81f5f kernel: bump 4.14 to 4.14.111 (+10,-10)
15a70d0 kernel: bump 4.9 to 4.9.169 (+7,-5)
ac3b5f0 kernel: bump 4.14 to 4.14.112 (+5,-4)
a5c62c9 kernel: bump 4.9 to 4.9.170 (+8,-8)
3103bd5 kernel: bump 4.14 to 4.14.113 (+4,-4)
2faceb1 kernel: bump 4.9 to 4.9.171 (+179,-177)
4685bf1 kernel: bump 4.14 to 4.14.114 (+148,-217)
f105a9c kernel: bump 4.9 to 4.9.172 (+9,-9)
412d80c kernel: bump 4.14 to 4.14.115 (+2,-2)
f053a8c kernel: bump 4.9 to 4.9.175 (+15,-15)
d3053b1 kernel: bump 4.14 to 4.14.118 (+11,-11)
e6928e6 kernel: Fix arc kernel build (+10,-10)
82e4b42 kernel: bump 4.9 to 4.9.176 (+2,-2)
152755c kernel: bump 4.14 to 4.14.119 (+2,-2)
85294fc kernel: bump 4.9 to 4.9.177 (+6,-6)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)
054aecd kernel: bump 4.9 to 4.9.178 (+2,-2)
7e07320 kernel: bump 4.14 to 4.14.121 (+2,-2)
9591155 kernel: Fix arc kernel 4.14 build (+10,-10)
e3408d0 kernel: bump 4.9 to 4.9.179 (+8,-8)
6563e49 kernel: bump 4.14 to 4.14.122 (+11,-11)
7fe1b4a kernel: bump 4.9 to 4.9.180 (+2,-2)
1867f10 kernel: bump 4.14 to 4.14.123 (+4,-4)
5dbac47 kernel: re-add bridge allow reception on disabled port (+10,-6)
40b1e89 kernel: bump 4.9 to 4.9.181 (+16,-16)
f63a1ca kernel: bump 4.14 to 4.14.125 (+34,-33)
85eda6f kernel: mt29f_spinand: fix memory leak during page program (+90)
6fa6f74 kernel: backport 4.18 patch adding DMI_PRODUCT_SKU (+57)
e493230 kernel: bump 4.14 to 4.14.126 (+3,-3)
9de2f4d kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34 kernel: bump 4.14 to 4.14.127 (+5,-5)
bd0c398 kernel: bump 4.14 to 4.14.128 (+11,-11)

dcfca83 ipq40xx: copy Fritz4040 UBoot to STAGING_DIR_IMAGE (+9,-3)
3239f56 uboot-fritz4040: Add host flags for host compiler (+2,-2)
a0543d8 uboot-fritz4040: update PKG_MIRROR_HASH (+1,-1)

87fb8ae dnsmasq: allow using dnsmasq as the sole resolver (+16,-16)
ce3a53c dnsmasq: prefer localuse over resolvfile guesswork (+5,-5)
9f2cbca busybox: add missing install dir (+2,-1)
4b4de23 openssl: update to 1.0.2r (+6,-6)
ecfe0f1 ca-certificates: update to version 20190110 (+3,-4)
40ed838 mbedtls: update to version 2.16.1 (+37,-37)
dc1b578 curl: Fix multiple security problems (+222,-1)
6761961 openssl: update to 1.0.2s (+2,-2)
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

9656f49 base-files: fix uci led oneshot/timer trigger (+1)

9b14c7d netifd: handle hotplug event socket errors (+4,-4)
d0fa124 iprule: fix segfault (FS#1875) (+2,-6)
a2aba5c system-linux: handle hotplug event socket ENOBUFS errors (+47,-6)

e0505cc Revert "uhttpd: disable concurrent requests by default" (+2,-2)
e9a7344 uci: fix heap use after free (FS#2288) (+3,-3)
f199b96 uci: fix options list of section after type change (+31)
5d27e87 rpcd: fix init script reload action (+3,-6)
fc39d5f fstools: media change detection (eg:sdcard) using kernel polling (+10,-1)
25fc20d fstools: update to the latest master branch (+3,-3)
bc2c876 libfstools: Print error in case of loop blkdev failure (+3,-1)
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant (+1,-1)
97ae9e0 fstools: block-mount: fix restart of fstab service (+5,-1)

6c81f5f kernel: bump 4.14 to 4.14.111 (+10,-10)
4685bf1 kernel: bump 4.14 to 4.14.114 (+148,-217)
b2b1265 apm821xx: backport accepted linux-crypto patches (+1.1K)
f63a1ca kernel: bump 4.14 to 4.14.125 (+34,-33)

1f1f421 kernel: bump 4.9 to 4.9.153 (+20,-20)

1f1f421 kernel: bump 4.9 to 4.9.153 (+20,-20)
bc3eb97 ar71xx: Fix 5 GHz MAC address for Archer C60 v2 (+6,-1)
dcdf509 kernel: bump 4.9 to 4.9.164 (+11,-11)
aa0e6fc kernel: bump 4.9 to 4.9.168 (+8,-8)
9c4fa1b ar71xx: Remove ath10k packages from archer-c7-v1 (fixes FS#1743) (+1,-1)
c7eb679 ar71xx: Add "info" partition for TP-Link Archer C7 v5 (+1,-1)
7268ebb ar71xx: Correct MAC address for WAN interface of Archer C7 v5 (+4)
6ac061f ar71xx: Fix IMAGE_SIZE for TP-Link Archer C7 v5 (+1,-1)
e6e5435 ar71xx: GL.iNet AR300M family: correct LED definitions (+2,-8)
f105a9c kernel: bump 4.9 to 4.9.172 (+9,-9)
f053a8c kernel: bump 4.9 to 4.9.175 (+15,-15)
cf2aa87 ar71xx: Fix network setup for TP-Link Archer C25 v1 (+9,-9)
85294fc kernel: bump 4.9 to 4.9.177 (+6,-6)
40b1e89 kernel: bump 4.9 to 4.9.181 (+16,-16)
9de2f4d kernel: bump 4.9 to 4.9.182 (+14,-14)

f63a1ca kernel: bump 4.14 to 4.14.125 (+34,-33)

9fb3710 kernel: bump 4.9 to 4.9.156 (+62,-62)
e9cb40c kernel: bump 4.9 to 4.9.159 (+9,-532)
aa0e6fc kernel: bump 4.9 to 4.9.168 (+8,-8)
f105a9c kernel: bump 4.9 to 4.9.172 (+9,-9)
f053a8c kernel: bump 4.9 to 4.9.175 (+15,-15)
40b1e89 kernel: bump 4.9 to 4.9.181 (+16,-16)
fc1dae5 brcm2708: Revert "staging: vc04_services: prevent integer overflow in create_... (+48,-3)

e336124 brcm63xx: HG655b: fix the imagetag at dts (+1,-1)
dcdf509 kernel: bump 4.9 to 4.9.164 (+11,-11)
cfb72ee brcm63xx: drop own implementation of DT partitions in favour of upstream (-320)
4b633af brcm63xx: drop linux,part-probe usage where possible (+5,-180)

6563e49 kernel: bump 4.14 to 4.14.122 (+11,-11)
1867f10 kernel: bump 4.14 to 4.14.123 (+4,-4)

62feabe kernel: bump 4.14 to 4.14.99 (+28,-28)
84aba57 gemini: 4.14: Fix up DNS-313 compatible string (+1,-1)

1be6ff6 kernel: bump 4.14 to 4.14.102 (+3,-90)
dcfca83 ipq40xx: copy Fritz4040 UBoot to STAGING_DIR_IMAGE (+9,-3)

62feabe kernel: bump 4.14 to 4.14.99 (+28,-28)
1be6ff6 kernel: bump 4.14 to 4.14.102 (+3,-90)
22a3e65 kernel: bump 4.14 to 4.14.108 (+8,-8)
d3053b1 kernel: bump 4.14 to 4.14.118 (+11,-11)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)
5fe809d Revert "ipq806x: fix EA8500 switch control" (+4,-18)

1f1f421 kernel: bump 4.9 to 4.9.153 (+20,-20)
21762fe kernel: bump 4.9 to 4.9.154 (+14,-14)
9fb3710 kernel: bump 4.9 to 4.9.156 (+62,-62)
e2ba7a4 kernel: bump 4.9 to 4.9.160 (+14,-14)
40b1e89 kernel: bump 4.9 to 4.9.181 (+16,-16)

dac25a5 kernel: bump 4.9 to 4.9.165 (+82,-82)
22a3e65 kernel: bump 4.14 to 4.14.108 (+8,-8)

1f1f421 kernel: bump 4.9 to 4.9.153 (+20,-20)
026f08a kernel: bump 4.14 to 4.14.96 (+20,-19)
1a6d7a6 lantiq: tdw89x0: Fix WLAN LED on TP-Link W8970 v1.2 (FS#2232) (+1)
f053a8c kernel: bump 4.9 to 4.9.175 (+15,-15)
d3053b1 kernel: bump 4.14 to 4.14.118 (+11,-11)
e3408d0 kernel: bump 4.9 to 4.9.179 (+8,-8)
6563e49 kernel: bump 4.14 to 4.14.122 (+11,-11)

21762fe kernel: bump 4.9 to 4.9.154 (+14,-14)
72870cc kernel: bump 4.9 to 4.9.155 (+14,-88)
9fb3710 kernel: bump 4.9 to 4.9.156 (+62,-62)
e9cb40c kernel: bump 4.9 to 4.9.159 (+9,-532)
e2ba7a4 kernel: bump 4.9 to 4.9.160 (+14,-14)
2b9d2f6 kernel: bump 4.9 to 4.9.162 (+5,-5)
24f3207 kernel: bump 4.9 to 4.9.163 (+6,-6)
dac25a5 kernel: bump 4.9 to 4.9.165 (+82,-82)
1ff4cd1 kernel: bump 4.9 to 4.9.166 (+5,-5)
07bd5b7 kernel: bump 4.9 to 4.9.167 (+6,-6)
15a70d0 kernel: bump 4.9 to 4.9.169 (+7,-5)
a5c62c9 kernel: bump 4.9 to 4.9.170 (+8,-8)
2faceb1 kernel: bump 4.9 to 4.9.171 (+179,-177)
f105a9c kernel: bump 4.9 to 4.9.172 (+9,-9)
f053a8c kernel: bump 4.9 to 4.9.175 (+15,-15)
e3408d0 kernel: bump 4.9 to 4.9.179 (+8,-8)
40b1e89 kernel: bump 4.9 to 4.9.181 (+16,-16)

ef17eda kernel: bump 4.14 to 4.14.97 (+14,-14)
fbb2186 kernel: bump 4.14 to 4.14.98 (+13,-87)
62feabe kernel: bump 4.14 to 4.14.99 (+28,-28)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)
f63a1ca kernel: bump 4.14 to 4.14.125 (+34,-33)

15a70d0 kernel: bump 4.9 to 4.9.169 (+7,-5)

fbb2186 kernel: bump 4.14 to 4.14.98 (+13,-87)
810ee3b kernel: bump 4.14 to 4.14.104 (+273,-273)
0a637c7 kernel: bump 4.14 to 4.14.106 (+19,-19)
22a3e65 kernel: bump 4.14 to 4.14.108 (+8,-8)
ac3b5f0 kernel: bump 4.14 to 4.14.112 (+5,-4)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)
f63a1ca kernel: bump 4.14 to 4.14.125 (+34,-33)
c449130 mvebu: fixes commit f63a1caf22cb (+1,-1)

1bfe1ce oxnas: cheery-pick DTS improvements from master (+97,-11)
f1803e3 oxnas: add SoC restart driver for reboot (+298,-23)
4918fe0 kernel: bump 4.14 to 4.14.105 (+12,-12)
22a3e65 kernel: bump 4.14 to 4.14.108 (+8,-8)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)
bd0c398 kernel: bump 4.14 to 4.14.128 (+11,-11)

026f08a kernel: bump 4.14 to 4.14.96 (+20,-19)
ef17eda kernel: bump 4.14 to 4.14.97 (+14,-14)
62feabe kernel: bump 4.14 to 4.14.99 (+28,-28)
0a637c7 kernel: bump 4.14 to 4.14.106 (+19,-19)
4336cfd ramips: allow packets with ttl=0 (+2,-2)
22a3e65 kernel: bump 4.14 to 4.14.108 (+8,-8)
d3053b1 kernel: bump 4.14 to 4.14.118 (+11,-11)
b5ce521 ramips: rt305x: Reduce size of a5-v11 image (-1)
f63a1ca kernel: bump 4.14 to 4.14.125 (+34,-33)
bd0c398 kernel: bump 4.14 to 4.14.128 (+11,-11)

4918fe0 kernel: bump 4.14 to 4.14.105 (+12,-12)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)

85294fc kernel: bump 4.9 to 4.9.177 (+6,-6)
68a5e66 kernel: bump 4.14 to 4.14.120 (+249,-249)

d997712 ath9k: register GPIO chip for OF targets (+19,-10)
19a6c4b mac80211: brcmfmac: fix a possible NULL pointer dereference (+7,-3)
d32bbd7 mac80211: brcmfmac: backport 5.0 & 5.1 important changes/fixes (+6.9K,-8)
08db939 mac80211: backport tx queue start/stop fix (+273,-1)
85cb473 mac80211: add a fix to prevent unsafe queue wake calls during restart (+33)
02aed76 mac80211: brcmfmac: early work on FullMAC firmware crash recovery (+335)
2d2e615 mac80211: brcmfmac: really add early fw crash recovery (+605)
2cd234d mac80211: brcmfmac: backport important fixes from kernel 5.2 (+544,-12)

13eeee7 mt76: update to the latest version (+3,-3)
c3da1aa mt7603: trigger beacon stuck detection faster (+2,-1)
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails (+5,-3)
6eef33b mt7603: remove mt7603_txq_init (+4,-25)
ae30c30 mt76: add driver callback for when a sta is associated (+8)
0db925f mt7603: update HT/VHT capabilities after assoc (+12,-1)
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set (+4,-2)
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info (+25,-27)
24bd2c0 mt76x0: phy: report target_power in debugfs (+1)
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine (+39,-11)
ab41836 mt76: update to the latest version (+3,-3)
a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile) (+2)
edda5c5 mt76x02: use mask for vifs (+13)
dd52191 mt76x02: use commmon add interface for mt76x2u (+5,-19)
a80acaf mt76x02: initialize mutli bss mode when set up address (+18,-16)
38e832d mt76x02: minor beaconing init changes (+12,-6)
171adaf mt76x02: init beacon config for mt76x2u (+1,-5)
dcab682 mt76: beaconing fixes for USB (+30,-11)
ff81de1 mt76x02: enable support for IBSS and MESH (+10,-11)
8027b5d mt7603: remove copyright headers (-240)
e747e80 mt76: fix software encryption issues (+8,-8)
2afa0d7 mt7603: remove WCID override for software encrypted frames (+1,-8)
e5ace80 mt76: update to the latest version (+3,-3)
a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked (+1,-1)
4d7e13f mt76: explicitly disable energy detect cca during scan (+12,-8)
e3c1aad mt76: run MAC work every 100ms (+7,-6)
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init (+3)
e301f23 mt76: measure the time between mt76x02_edcca_check runs (+10,-2)
74075ef mt76: increase ED/CCA tx block threshold (+1,-1)
8de93ce mt76: update to the latest version (+3,-3)
28d81ff mt76x0: eeprom: fix VHT mcs{8,9} rate power offset (+3,-3)
6e33ce6 mt76: move mt76_mcu_msg_alloc in mt76-core (+49,-29)
4637f95 mt76: move mt76_mcu_get_response in mt76-core (+20,-16)
1763cb0 mt76: move mt76_mcu_rx_event in mt76-core (+9,-2)
4db9d75 mt76x0: mcu: remove useless commented configuration (-6)
91d0455 mt76: move mt76_dma_tx_queue_skb_raw in mt76-core module (+37,-32)
0e8e53f mt76: remove add_buf pointer in mt76_queue_ops (-2)
db47920 mt7603: rely on mt76_mcu_msg_alloc routine (+7,-16)
471c447 mt7603: rely on mt76_mcu_get_response routine (+1,-17)
cacc986 mt7603: rely on mt76_mcu_rx_event routine (+2,-9)
11ab620 mt7603: rely on mt76_tx_queue_skb_raw common routine (+3,-27)
82fa312 mt7603: move alloc_dev common code in mt76_alloc_device (+33,-42)
47d5922 mt76: move alloc_device common code in mt76_alloc_device (+14,-13)
c50c993 mt76x2u: remove mt76x2u_alloc_device routine (+18,-30)
6ed5b7a mt76x0: remove mt76x0u_alloc_device routine (+24,-38)
e32e249 mt76x2: remove mt76x2_alloc_device routine (+20,-33)
⇒ + 55 more...
f87a187 mt76: update to latest openwrt-18.06 branch (+3,-3)
00ac79d mt7603: fix initialization of max rx length (+6,-1)
320af65 mt76: mt7603: use the correct hweight8() function (+3,-4)
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state (+23,-16)
abcb544 mt76x02: do not enable RTS/CTS by default (+2,-3)
13eb73b mt76: update to latest openwrt-18.06 branch (+3,-3)
9e3ef1f mt7603: fix sequence number assignment (+18,-43)
a5f5605 mt7603: send BAR after powersave wakeup (+1,-1)

#1743

Description: Archer C7 v1.1 is soft bricked with the 18.06 release
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1743
Commits:
9c4fa1b ar71xx: Remove ath10k packages from archer-c7-v1 (fixes FS#1743) (+1,-1)

#2098

Description: Unable to detect wifi LED
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2098
Commits:
d997712 ath9k: register GPIO chip for OF targets (+19,-10)

#2168

Description: Switch no longer work after restart on Linksys EA8500
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2168
Commits:
5fe809d Revert "ipq806x: fix EA8500 switch control" (+4,-18)

#2232

Description: Wifi LED on W8970 Not Working (v18.06.2)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2232
Commits:
1a6d7a6 lantiq: tdw89x0: Fix WLAN LED on TP-Link W8970 v1.2 (FS#2232) (+1)

#2288

Description: uci memory corruption when setting section name
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2288
Commits:
e9a7344 uci: fix heap use after free (FS#2288) (+3,-3)
f199b96 uci: fix options list of section after type change (+31)

CVE-2018-14618

Description: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2018-16839

Description: Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2018-16840

Description: A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2018-16842

Description: Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2018-16890

Description: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2018-1000026

Description: Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: network card firmware assertion takes the card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000026
Commits:
e9cb40c kernel: bump 4.9 to 4.9.159 (+9,-532)
1be6ff6 kernel: bump 4.14 to 4.14.102 (+3,-90)

CVE-2019-3819

Description: A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3819
Commits:
d669be4 kernel: bump 4.9 to 4.9.158 (+2,-2)
20f1b7d kernel: bump 4.14 4.14.101 (+2,-2)

CVE-2019-3822

Description: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2019-3823

Description: libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
Commits:
dc1b578 curl: Fix multiple security problems (+222,-1)

CVE-2019-9494

Description: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494
Commits:
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

CVE-2019-9495

Description: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495
Commits:
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

CVE-2019-9496

Description: An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496
Commits:
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

CVE-2019-9497

Description: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497
Commits:
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

CVE-2019-9498

Description: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498
Commits:
6761961 openssl: update to 1.0.2s (+2,-2)
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

CVE-2019-9499

Description: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499
Commits:
6761961 openssl: update to 1.0.2s (+2,-2)
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

CVE-2019-11477

Description: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
Commits:
9de2f4d kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34 kernel: bump 4.14 to 4.14.127 (+5,-5)

CVE-2019-11478

Description: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
Commits:
9de2f4d kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34 kernel: bump 4.14 to 4.14.127 (+5,-5)

CVE-2019-11479

Description: Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
Commits:
9de2f4d kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34 kernel: bump 4.14 to 4.14.127 (+5,-5)

CVE-2019-11555

Description: The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555
Commits:
b463a13 hostapd: fix multiple security problems (+2.4K,-1)

  • Last modified: 2019/06/21 12:37
  • by jow