CVE-2024-54143 Attended Sysupgrade

Hello, I was wondering whether the new CVE affects Turris upgrades as well. If it does, do you have an ETA on a delivery of the fix?

Details:
https://nvd.nist.gov/vuln/detail/CVE-2024-54143
https://lists.openwrt.org/pipermail/openwrt-announce/2024-December/000061.html

2 Likes

Turris OS upgrades based on packages instead of images (like OpenWrt does), hence the answer is no, it doesn’t apply.

4 Likes