OpenWrt ASU Security Update Advisory (CVE-2024-54143)
Overview
An update has been released to address vulnerabilities in OpenWrt ASU. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-54143
- OpenWrt ASU versions: before 920c8a1 (excluded)
Resolved Vulnerabilities
The request hashing mechanism in OpenWrt/ASU uses only 12 characters of each SHA-256 hash, which increases the likelihood of a collision and could allow malicious firmware images to be distributed (CVE-2024-54143).
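The effect of the truncation described above, as an added example (not code from OpenWrt ASU or from this advisory). It assumes the 12 characters are hexadecimal digits (48 bits); the function names and sample requests are constructed for illustration, and the collision search runs at 4 hex characters so that it finishes immediately.

```python
import hashlib
import math

def request_key(request: bytes, hex_chars: int = 64) -> str:
    """Cache key for a build request: SHA-256 hex digest cut to hex_chars."""
    return hashlib.sha256(request).hexdigest()[:hex_chars]

def keyspace_bits(hex_chars: int) -> int:
    """Each hex character carries 4 bits (assumes hex-encoded digests)."""
    return 4 * hex_chars

def birthday_bound(hex_chars: int) -> float:
    """Number of distinct requests at which some pair collides with ~50% odds."""
    return math.sqrt(2 * math.log(2)) * 2 ** (keyspace_bits(hex_chars) / 2)

def first_collision(hex_chars: int, limit: int):
    """Hash constructed requests until two distinct ones share a key.

    Returns (earlier_request, later_request, requests_hashed) or None.
    """
    seen = {}
    for i in range(limit):
        req = b"constructed-request-%d" % i   # constructed sample input
        key = request_key(req, hex_chars)
        if key in seen:
            return seen[key], req, i + 1
        seen[key] = req
    return None

if __name__ == "__main__":
    for n in (4, 12, 64):
        print(f"{n:2d} hex chars = {keyspace_bits(n):3d} bits, "
              f"50% collision near {birthday_bound(n):.3g} requests")
    # 4 hex chars gives 65,536 keys, so 65,537 requests must contain a collision.
    a, b, tried = first_collision(4, 65_537)
    print(f"collision after {tried} requests: {a!r} vs {b!r}")
    print("truncated keys:", request_key(a, 4), request_key(b, 4))
    print("full keys equal:", request_key(a) == request_key(b))
```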
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-54143
- OpenWrt ASU version: 920c8a1
Referenced Sites
[1] CVE-2024-54143 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-54143
[2] Build artifact poisoning via truncated SHA-256 hash and command injection
https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q