I'm wondering how to report security related issues privately. It would be nice to have a way to report security vulnerabilities privately to the authorized body and annouce security flaws publicly not before there is a fixed version available. This leads to my second question. Where can I receiv…

LEDE is mostly plain Linux and third-party packages, so most of the security weaknesses should be reported directly to Linux kernel developers, or if a package-specific thing, then to the respective upstream package developers. It makes no sense to track here the possible weaknesses in Linux or in t…

Valid question and I personally think @hnyman excellent reply could be a good starting point to a formal documentation page explaining the how/why and action taken after something is discovered. I do a lot of work in Drupal and we have about 37 000 modules that extend Drupal core that is not a part…

For a user of LEDE, especially if he is not directly involved in package maintaining or software developing, it is almost impossible to keep track of security warnings scattered in countless different places for every package installed. Additionally not all security warnings of those places describ…

@hnyman gave you the great answer. If you're not happy about current state of affairs, you can: Proactively monitor CVEs and if the package you have installed on your LEDE router is mentioned there you can come back to the forum and ask for LEDE-specific information. Start that "centralized place …

[image] Serious flaw in WPA2 protocol lets attackers intercept passwords and much more KRACK attack is especially bad news for Android and Linux users. Will the WPA2 issue be added to the next release?

[image] buggsdummy: Will the WPA2 issue be added to the next release? How about reading the thread about that problem? [image] Critical WiFi Vulnerability Found - KRACK Installing and Using OpenWrt As far as I understand, it has been fixed in LEDE with this commit (…

Security reporting

Site Feedback and Other Questions

hnyman October 16, 2017, 1:36pm 7

How about reading the thread about that problem?

It has already been fixed in master and 17.01 sources. And probably 17.01.4 will be released soon.