Advisories ยป MGASA-2017-0472

Updated nonfree firmwares fixes security issues and adds new hw support

Publication date: 28 Dec 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-0801 , CVE-2017-0561 , CVE-2017-9417 , CVE-2017-13080 , CVE-2017-13081


Updated nonfree firmwares fixes atleast the following security issues:

Broadcom firmware fixes:
- dropping BRCM proprietary packets received over the air (CVE-2016-0801)
- adding length checks for TDLS action frames (CVE-2017-0561)
- adding length checks for WME IE (CVE-2017-9417)

Iwlwifi firmware fixes:
- The reinstallation of the Group Temporal key could be used for replay
  attacks (CVE-2017-13080)
- The reinstallation of the Integrity Group Temporal key could be used
  for replay attacks (CVE-2017-13081)

This update also adds updated firmwares:
* ath10k, cxgb4, liquidio, mrvl, ql2400, ql2500, wilc1000
* Amd Polaris10-12, Intel BXT/SKL/KBL/CNL 

and new firmwares:
* Amd Vega10 and Raven 
* Cavium nitrox 
* Intel CNL/GLK, IPU3, JeffersonPeak, ThunderPeak
* Mellanox Spectrum
* nVidia GP108 (GTX1030)
* Qualcom Adreno  &Venus, imx SDMA, 
* Realtek rtl8822be 

in order to support new hardware supported by 4.14 series kernels.