We are releasing Turris OS 5.1.6 from the Testing branch. This release fixes vulnerability against cross-site scripting in Foris (CVE-2021-3346). The issue was disclosed by Niklas Volcz, who contacted us first before exposing it in public.
There are updated kernel and fixed Syslog warnings in the resolver dynamic script domain.
You will be updated to this version automatically when you are using automatic updates. If you are not using them and using approvals/delayed updates, we suggest checking Updater tab and approve this release to make you safe if you configured Foris to be accessible from the outside of your network.
We will appreciate any feedback regarding this release and if you find any bugs, please follow our article in our documentation for Getting help.
Turris Omnia with OpenVPN
All Good Linux version 4.14.214 (packaging@turris.cz) (gcc version 7.5.0 (OpenWrt GCC 7.5.0 c9388fa)) #0 SMP Thu Jan 14 09:13:08 2021
To be clear, I believe that setting with dnsmasq’s DNS port other than 0 has never been officially supported on any Turris, but… I agree it would be better to keep this setting (without adding any down-sides, which might not be trivial I suspect). This configuration tweak certainly is not required to keep reverse IPv4 lookups working – those just work based on one click in (re)Foris. (EDIT: I’m sorry, I was being confused somehow, see below.)
I must confirm what salty has written up, for me the reverse lookup didn’t work as well, but I didn’t care why. After remove option port 0, reverse lookup suddenly start to work just fine.
Oh, I somehow confused things at that moment, I’m sorry. Forward lookups work on the one click; for unblocking reverse lookups I’d probably use the way from the link posted just above.