OpenWrt is a firmware based Linux distribution embedded in devices such as personal routers.
Recently, the OpenWrt community released, through a blog post, the release of the new stable version of the OpenWrt series 23.05.3, in which the developers worked to implement a series of significant improvements and new features that improve functionality, as well as add support for new devices and, on the other hand, also solve a series of errors and vulnerabilities detected.
For those who do not know about OpenWrt, I can tell you that this is a Linux distribution, which is intended for use with network devices such as routers and access points. It supports various platforms and architectures, and has a build system that makes it easy to create custom firmware with the necessary packages pre-installed for specific tasks.
What's new in OpenWrt 23.05.3?
This new version of OpenWrt 23.05.3 The implemented security fixes mainly stand out, of which the following are mentioned to have been solved:
- CVE-2023-36328: Fixed an integer overflow vulnerability in mp_grow in libtommath in Dropbear.
- CVE-2023-48795: a vulnerability in the SSH protocol that affects versions prior to 9.6 of OpenSSH and other products. It allows remote attackers to bypass integrity checks, which could lead to downgrade or disabling certain security features. This issue affects several SSH products and libraries, including OpenSSH, Dropbear, PuTTY, Paramiko, WinSCP, among others. It is recommended to upgrade to secure versions to mitigate this security risk.
- CVE-2023-50868: Resolved an issue in dnsmasq that allowed remote denial of service attacks via DNSSEC responses.
- CVE-2024-0727: a vulnerability in OpenSSL when processing malicious PKCS12 files, which can cause a crash and a possible denial of service attack. Applications that load PKCS12 files from untrusted sources may quit abruptly. It is recommended to update OpenSSL to mitigate this security risk.
Another highlight of the new version is the improved support and addition of new devices, since the Ethernet stability on the Orange Pi R1 Plus and devices based on Mediatek MT7981 and MT7986 chips, while on devices mpc85xx increased available RAM on Extreme Networks WS-AP3825 and added support for a variety of devices, including UniFi UK-Ultra, ASUS RT-AX59U, Cudy RE3000 v1, TP-Link EAP225v5, among others.
It is also highlighted that the most components were updated to Linux Kernel version 5.15.150 (in the previous version the Kernel used was version 5.15.137) along with updates to mwlwifi, mt76, netifd, bcm27xx-gpu-fw, mbedtls, openssl, and other components.
On the other hand, in OpenWrt 23.05.3 Fixed false reboot issues on specific devices, hardware support such as WPA3 has been improved and overall system stability has been improved.
Of the other changes that stand out from this new version:
- Improvements made to increase available RAM on some devices
- Fixed RTC of IEI-World Puzzle M90x devices
- Dropbear SSH server has significantly improved data transfer speed when using scp utility.
- Fixed AMPDU session lifecycle
- Fixed monitor mode issues on mt76
- Netgear GS110TPP OEM Installation Fix
- Typo fix for spi properties in Cetron CT3003
- Fan behavior is improved in mt7981
- Removed kmod-usb2 for GL-MT6000
- Enabled mt7981-wo-firmware package by default
- Added missing LED status definitions on GL-MT6000
- Fixed BPI-R3 mac wifi address
If you want to know more about it about the details that are integrated into this new release of the OpenWrt firmware 23.05.3 you can check the information in the original publication In the following link.
Download the new version of OpenWrt 23.05
The builds of this new version are prepared for 36 different platforms, from which update packages can be obtained from the link below.