OpenWrt 19.07.8 service release
Hauke Mehrtens
hauke at hauke-m.de
Sat Aug 7 11:59:17 PDT 2021
Hi,
The OpenWrt community is proud to announce the eighth service release of
OpenWrt 19.07. It fixes security issues, improves device support, and
brings a few bug fixes.
The main changes from OpenWrt 19.07.7 are:
Security fixes
==============
* Fix FragAttacks (fragmentation and aggregation attacks)
vulnerabilities in cfg80211, mac80211, ath10k and ath10k-ct
* We are not sure if some closed source firmware files are still
affected by these problems.
* Security Advisory 2021-08-01-1 - XSS via missing input validation of
host names displayed (CVE-2021-32019)
* Security Advisory 2021-08-01-2 - Stored XSS in hostname UCI variable
(CVE-2021-33425)
* Security Advisory 2021-08-01-3 - luci-app-ddns: Multiple
authenticated RCEs (CVE-2021-28961)
* Various security fixes in packages
Major bug fixes
===============
* Minor bugfixes to support GCC 11 as host compiler
Device support
==============
* TP-Link C7v5 allow flashing from vendor firmware bigger than v1.1
* FRIZZ!Box 7320 Activate power supply to USB ports.
Various fixes and improvements
==============================
* Only pack the signing keys for OpenWrt 19.07 and 21.02 and not the
personal keys any more.
Core components
===============
* Update Linux kernel from 4.14.221 to 4.14.241
* Update mac80211 from 4.19.161-1 to 4.19.193-1
* Update ath10k-ct 4.19 driver from 2019-09-09 to 2021-06-03
* Update OpenVPN from 2.4.7 to 2.4.11
* Update openssl from 1.1.1i to 1.1.1k
* Update mbedtls from 2.16.9 to 2.16.10
* Update wolfssl from 4.6.0 to 4.7.0
Full release notes and upgrade instructions are available at
https://openwrt.org/releases/19.07/notes-19.07.8
In particular, make sure to read the regressions and known issues before
upgrading:
https://openwrt.org/releases/19.07/notes-19.07.8#regressions
For a very detailed list of all changes since 19.07.7, refer to
https://openwrt.org/releases/19.07/changelog-19.07.8
For latest information about the 19.07 series, refer to the wiki at:
https://openwrt.org/releases/19.07/
To download a OpenWrt 19.07.8 firmware image for your device, head to
the Table of Hardware:
https://openwrt.org/toh/start
Or use the new firmware selector:
https://firmware-selector.openwrt.org/
You can also navigate directly in the list of firmware images:
https://downloads.openwrt.org/releases/19.07.8/targets/
As always, a big thank you goes to all our active package maintainers,
testers, documenters, and supporters.
Have fun!
The OpenWrt Community
---
To stay informed of new OpenWrt releases and security advisories, there
are new channels available:
* a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce
* a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14
* other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
More information about the openwrt-announce
mailing list