All,
LEDE version 17.01.4 was released yesterday. It includes the Dnsmasq and WPA2 security updates.
In addition, there's an AP-side Krack countermeasure added. Also, an "Enable key reinstallation (KRACK) countermeasures" check box was added to Wireless Security web GUI. To see the option in the 17.01.4 GUI, you'll need to opkg upgrade, as the functionality was added after the firmware release.
To enable the countermeasure from from the command line (from https://forum.lede-project.org/t/critical-wifi-vulnerability-found-krack/745...):
uci set wireless.@wifi-iface[0].wpa_disable_eapol_key_retries='1' # If you have a second interface (usually one for 2.4GHz wifi and one for 5GHZ), also type: uci set wireless.@wifi-iface[1].wpa_disable_eapol_key_retries='1' # Then save your changes and apply them by rebooting your device: uci commit reboot
73,
- Lynwood KB3VWG