Turris OS 5.1.6 is out!

Dear Turris users,

We are releasing Turris OS 5.1.6 from the Testing branch. This release fixes vulnerability against cross-site scripting in Foris (CVE-2021-3346). The issue was disclosed by Niklas Volcz, who contacted us first before exposing it in public.

There are updated kernel and fixed Syslog warnings in the resolver dynamic script domain.

You will be updated to this version automatically when you are using automatic updates. If you are not using them and using approvals/delayed updates, we suggest checking Updater tab and approve this release to make you safe if you configured Foris to be accessible from the outside of your network.

We will appreciate any feedback regarding this release and if you find any bugs, please follow our article in our documentation for Getting help.


After each update (on Omnia), an option is added in /etc/config/dhcp which breaks reverse lookup on local hosts.

# cat /etc/config/dhcp

config dnsmasq
        # ...
        option port '0'

config dhcp 'lan'
        # ...
1 Like

Mox A D all smooth!
Well done team!

Turris Omnia with OpenVPN
All Good
Linux version 4.14.214 (packaging@turris.cz) (gcc version 7.5.0 (OpenWrt GCC 7.5.0 c9388fa)) #0 SMP Thu Jan 14 09:13:08 2021

To be clear, I believe that setting with dnsmasq’s DNS port other than 0 has never been officially supported on any Turris, but… I agree it would be better to keep this setting (without adding any down-sides, which might not be trivial I suspect). This configuration tweak certainly is not required to keep reverse IPv4 lookups working – those just work based on one click in (re)Foris. (EDIT: I’m sorry, I was being confused somehow, see below.)

I must confirm what salty has written up, for me the reverse lookup didn’t work as well, but I didn’t care why. After remove option port 0, reverse lookup suddenly start to work just fine.

I have in /etc/config/dhcp:

config dnsmasq
        option port '53'

and in /etc/config/resolver:

config resolver 'common'
        option port '54'

so I diverted kresd to port 54 (just for debug) and turned on resolving via dnsmasq on port 53 works good for long time.

maybe because you removed the option “port 0”, it got re-added.

how do you config local reverse lookups? maybe you can fix it for kresd:

Hi @vcunat, what is the one click reForis solution? I can’t find it.

Oh, I somehow confused things at that moment, I’m sorry. Forward lookups work on the one click; for unblocking reverse lookups I’d probably use the way from the link posted just above.

This topic was automatically closed after 20 days. New replies are no longer allowed.