Univention Bugzilla – Bug 48178
firmware-nonfree: Multiple issues (4.3)
Last modified: 2018-11-21 15:21:29 CET
New Debian firmware-nonfree 20161130-4 fixes: This update addresses the following issues: * The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. (CVE-2016-0801) * A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. (CVE-2017-0561) * Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. (CVE-2017-9417) * Reinstallation of the pairwise key in the 4-way handshake (CVE-2017-13077) * Reinstallation of the group key in the 4-way handshake (CVE-2017-13078) * Reinstallation of the integrity group key in the 4-way handshake (CVE-2017-13079) * Reinstallation of the group key in the group key handshake (CVE-2017-13080) * Reinstallation of the integrity group key in the group key handshake (CVE-2017-13081)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/firmware-nonfree_20161130-3.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/firmware-nonfree_20161130-4.dsc @@ -1,3 +1,24 @@ +20161130-4 [Sat, 13 Oct 2018 20:27:06 +0100] Ben Hutchings <ben@decadent.org.uk>: + + * debian/bin/gencontrol.py: Set encoding to UTF-8 globally + * Add back firmware-{adi,ralink} as transitional packages (Closes: #907320) + * debian/control: Point Vcs URLs to Salsa + * Update to linux-support 4.9.0-8 + * firmware-brcm80211: Update Broadcom wifi firmware to fix security issues + (Closes: #869639): + - BCM4339 (CVE-2016-0801) + - BCM4354 (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, CVE-2017-13077, + CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081) + - BCM4356-PCIe (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, + CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) + - BCM43340 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) (also fixes issues when operating in 5GHz band) + - BCM43362 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) + - BCM43430 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, + CVE-2017-13081) + 20161130-3 [Tue, 06 Jun 2017 00:56:25 +0100] Ben Hutchings <ben@decadent.org.uk>: * misc-nonfree: Include Intel OPA Gen1 firmware (Closes: #862458) <http://10.200.17.11/4.3-2/#6133496246701244083>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts The licences of firmware-ipw2x00 and firmware-ivtv require interactive confirmation, which breaks PIUpaRTs. [4.3-2] 70d374032a Bug #48178: firmware-nonfree 20161130-4 doc/errata/staging/firmware-nonfree.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) [4.3-2] b4e6a7e747 Bug #48178: firmware-nonfree 20161130-4 doc/errata/staging/firmware-nonfree.yaml | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+)
<http://errata.software-univention.de/ucs/4.3/315.html>