--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386
- From: Mark Robinson <mark@zl2tod.net>
- Date: Tue, 25 Jul 2017 20:06:29 +1200
- Message-id: <20170725080629.8106.57019.reportbug@kahawai.zl2tod.net>
Package: firmware-brcm80211
Version: 0.43
Severity: critical
Tags: security upstream
Justification: root security hole
Dear Maintainer,
CVE-2017-8386 "BroadPwn" has been around for a while.
It seems Debian ships the relevant firmware in this package.
Could I impose on you to ensure that all is as it should be?
Many thanks.
Mark
https://nvd.nist.gov/vuln/detail/CVE-2017-8386
https://security-tracker.debian.org/tracker/CVE-2017-9417
https://packages.debian.org/search?keywords=firmware-brcm80211
http://boosterok.com/blog/broadpwn/
-- System Information:
Debian Release: 8.9
APT prefers testing
APT policy: (1000, 'testing'), (1000, 'stable'), (1000, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: firmware-nonfree
Source-Version: 20161130-4
We believe that the bug you reported is fixed in the latest version of
firmware-nonfree, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 869639@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Hutchings <ben@decadent.org.uk> (supplier of updated firmware-nonfree package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Oct 2018 20:27:06 +0100
Source: firmware-nonfree
Binary: firmware-linux firmware-linux-nonfree firmware-adi firmware-ralink firmware-amd-graphics firmware-atheros firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-intelwimax firmware-intel-sound firmware-ipw2x00 firmware-ivtv firmware-iwlwifi firmware-libertas firmware-misc-nonfree firmware-myricom firmware-netxen firmware-qlogic firmware-realtek firmware-samsung firmware-siano firmware-ti-connectivity
Architecture: all source
Version: 20161130-4
Distribution: stretch
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Closes: 869639 907320
Description:
firmware-adi - Binary firmware for Analog Devices Inc. DSL modem chips (dummmy p
firmware-amd-graphics - Binary firmware for AMD/ATI graphics chips
firmware-atheros - Binary firmware for Atheros wireless cards
firmware-bnx2 - Binary firmware for Broadcom NetXtremeII
firmware-bnx2x - Binary firmware for Broadcom NetXtreme II 10Gb
firmware-brcm80211 - Binary firmware for Broadcom 802.11 wireless cards
firmware-cavium - Binary firmware for Cavium Ethernet adapters
firmware-intel-sound - Binary firmware for Intel sound DSPs
firmware-intelwimax - Binary firmware for Intel WiMAX Connection
firmware-ipw2x00 - Binary firmware for Intel Pro Wireless 2100, 2200 and 2915
firmware-ivtv - Binary firmware for iTVC15-family MPEG codecs (ivtv and pvrusb2 d
firmware-iwlwifi - Binary firmware for Intel Wireless cards
firmware-libertas - Binary firmware for Marvell wireless cards
firmware-linux - Binary firmware for various drivers in the Linux kernel (meta-pac
firmware-linux-nonfree - Binary firmware for various drivers in the Linux kernel (meta-pac
firmware-misc-nonfree - Binary firmware for various drivers in the Linux kernel
firmware-myricom - Binary firmware for Myri-10G Ethernet adapters
firmware-netxen - Binary firmware for QLogic Intelligent Ethernet (3000 and 3100 Se
firmware-qlogic - Binary firmware for QLogic HBAs
firmware-ralink - Binary firmware for Ralink wireless cards (dummmy package)
firmware-realtek - Binary firmware for Realtek wired/wifi/BT adapters
firmware-samsung - Binary firmware for Samsung MFC video codecs
firmware-siano - Binary firmware for Siano MDTV receivers
firmware-ti-connectivity - Binary firmware for TI Connectivity wifi and BT/FM/GPS adapters
Changes:
 firmware-nonfree (20161130-4) stretch; urgency=medium
 .
   * debian/bin/gencontrol.py: Set encoding to UTF-8 globally
   * Add back firmware-{adi,ralink} as transitional packages (Closes: #907320)
   * debian/control: Point Vcs URLs to Salsa
   * Update to linux-support 4.9.0-8
   * firmware-brcm80211: Update Broadcom wifi firmware to fix security issues
     (Closes: #869639):
     - BCM4339 (CVE-2016-0801)
     - BCM4354 (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, CVE-2017-13077,
       CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081)
     - BCM4356-PCIe (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417,
       CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
       CVE-2017-13081)
     - BCM43340 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
       CVE-2017-13081) (also fixes issues when operating in 5GHz band)
     - BCM43362 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
       CVE-2017-13081)
     - BCM43430 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
       CVE-2017-13081)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---