OpenWrt 18.06.9 final service release

Hauke Mehrtens hauke at
Wed Dec 9 18:41:21 EST 2020


The OpenWrt Community is proud to announce the ninth service release of 
the stable OpenWrt 18.06 series. OpenWrt 18.06.9 brings security fixes, 
as well as the usual device support fixes and core components update.

End of support for OpenWrt 18.06
This release is the final one for OpenWrt 18.06. You should consider 
upgrading to a newer version (OpenWrt 19.07 or later)

The main highlights of this service release are:

Security fixes
* Security Advisory 2020-12-09-2 - libuci import heap use after free
* Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can
   be used to facilitate DNS poisoning attack (CVE-2020-25705)
* Security Advisory 2020-05-06-2 - relayd out-of-bounds reads of heap
   data and possible buffer overflow (CVE-2020-11752)
* Security Advisory 2020-05-06-1 - umdns out-of-bounds reads of heap
   data and possible buffer overflow (CVE-2020-11750)
* libjson-c: fix out of bounds write vulnerability (CVE-2020-12762)
* mac80211: backport some fixes for the Kr00k vulnerability in WPA. It
   is not clear which wireless driver/firmware combinations could be
   vulnerable in OpenWrt. These backported patches harden mac80211 just
   in case.

Note: security fixes for most packages can also be applied by upgrading 
only the affected packages on running devices, without the need for a 
full firmware upgrade. This can be done with opkg update; opkg upgrade 
the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 
18.06.9 or a newer major release whenever possible.

Bug fixes
* libubox: Fix regression that could cause procd to fail to start or
   restart some services. This is especially visible as it broke LuCI
   when upgrading from older 18.06.X releases (FS#3177)
* musl: fix locking synchronization bug
* kernel: backport out-of-memory fix for non-Ethernet devices
* firewall: fix TCP MSS clamping that was only applied on one direction

Device support
* brcm63xx: fix BCM6348/BCM6358 hangs while booting (FS#2202)
* ipq40xx: fix essedma MAC hang by disabling TCP segmentation offload
   for IPv6
* ramips: fix USB detection on all rt305x devices
* mikrotik: add support for the new ath9k caldata encoding (LZO) found
   in newer hardware revisions
* Various fixes for ZyXEL Keenetic, ZyXEL NBG6616, TP-Link Archer C60
   v1/v2, GL.iNet GL-AR750S, Embedded Wireless Dorin, Pirelli A226M-FWB,
   Arduino Yun

Core components update
* Linux kernel updated from 4.9.214 to 4.9.243 and from 4.14.171 to
* mbedtls updated from 2.16.4 to 2.16.8
* wireguard updated from 0.0.20190601 to 1.0.20200611

For latest information about the 18.06 series, refer to the wiki at:

To download the v18.06.9 images, navigate to:

As always, a big thank you goes to all our active package maintainers,
testers, documenters, and supporters.

Have fun!

The OpenWrt Community

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openwrt-devel mailing list