Firmware update: OpenWrt 22.03.3
Version 22.03.3 of OpenWrt has been released. OpenWrt is alternative open-source firmware for a large number of different routers and embedded devices. The opkg package management system lets you decide for yourself what the router can and cannot do. Several people on GoT are also actively working with it; see this topic for details. Upgrading can be done with sysupgrade from the web interface. This release fixes several security issues.
Security fixes
CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet
CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
CVE-2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.
Source:
Tweakers.net