[Cerowrt-devel] [Bloat] New OpenWrt release fixing several dnsmasq CVEs

Jonathan Foulkes jf at jonathanfoulkes.com
Fri Jan 22 14:33:47 EST 2021


I installed the updated package on a 19.07.4 box running cake, and QoS performance went down the tubes.
Last night it locked up completely while attempting to stream.

See the PingPlots others have posted to this forum thread, mine look similar, went from constant sub 50ms to very spiky, then some loss, loss increasing, and if high traffic, lock-up.
https://forum.openwrt.org/t/security-advisory-2021-01-19-1-dnsmasq-multiple-vulnerabilities/85903/39

load is low, sirq is low, so box does not seem stressed.

Any reason Cake would be sensitive to a dnsmasq bug?

Anyway, heads-up to wait before deploying the update, A new one should be forthcoming.

Thanks,

Jonathan Foulkes

> On Jan 19, 2021, at 6:20 PM, Toke Høiland-Jørgensen via Bloat <bloat at lists.bufferbloat.net> wrote:
> 
> Hi everyone
> 
> In case you haven't seen, there's a new OpenWrt release out[0] that
> fixes several CVEs in dnsmasq; seems like quite a bunch at once[1].
> 
> So in the interest of keeping everyone's routers safe, here's a gentle
> nudge to update :)
> 
> -Toke
> 
> [0] https://openwrt.org/releases/19.07/notes-19.07.6
> [1] https://www.jsof-tech.com/disclosures/dnspooq/
> _______________________________________________
> Bloat mailing list
> Bloat at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bloat



More information about the Cerowrt-devel mailing list