libreCMC v1.5.4a


This "a" revision of libreCMC v1.5.4 addresses critical security issues in dnsmasq that includes the possibility of "...DNS cache poisoning attack by an off-path attacker..." [1]. All v1.5.4 images have been recalled and new v1.5.4a images that reflect upstream 19.07.6 are available with the following changes :

  • Linux-libre 4.14.216
  • dnsmasq: Patches to address:
    • CVE-2020-2568{1-7}
  • medtls 2.16.9
  • netifd,odhcp6c: Fixes IPv6 routing loop on point-to-point links


If you already have v1.5.4 installed, you can install the updated packages using opkg.

The next release of libreCMC is scheduled for release on April 2nd, unless there are other critical CVEs. As always, please report any bugs to the libreCMC mailing lists.

[1] DNSpooq : DNSpooq_Technical-Whitepaper.pdf

Firmware Images:


Main Generic

Core Generic

Core tiny No Web-Ui / package management.


Main Generic

Core Generic

Main nand

Core nand