Nacionalni CERT

Sigurnosni nedostaci programskog paketa linux-firmware

<p>==========================================================================<br />Ubuntu Security Notice USN-3505-1<br />December 06, 2017<br /><br />linux-firmware vulnerabilities<br />==========================================================================<br /><br />A security issue affects these releases of Ubuntu and its derivatives:<br /><br />- Ubuntu 17.10<br />- Ubuntu 17.04<br />- Ubuntu 16.04 LTS<br />- Ubuntu 14.04 LTS<br /><br />Summary:<br /><br />Several security issues were fixed in linux-firmware.<br /><br />Software Description:<br />- linux-firmware: Firmware for Linux kernel drivers<br /><br />Details:<br /><br />Mathy Vanhoef discovered that the firmware for several Intel WLAN<br />devices incorrectly handled WPA2 in relation to Wake on WLAN. A<br />remote attacker could use this issue with key reinstallation attacks<br />to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)<br /><br />Update instructions:<br /><br />The problem can be corrected by updating your system to the following<br />package versions:<br /><br />Ubuntu 17.10:<br /> linux-firmware 1.169.1<br /><br />Ubuntu 17.04:<br /> linux-firmware 1.164.2<br /><br />Ubuntu 16.04 LTS:<br /> linux-firmware 1.157.14<br /><br />Ubuntu 14.04 LTS:<br /> linux-firmware 1.127.24<br /><br />After a standard system update you need to reboot your computer to make<br />all the necessary changes.<br /><br />References:<br /> https://www.ubuntu.com/usn/usn-3505-1<br /> CVE-2017-13080, CVE-2017-13081<br /><br />Package Information:<br /> https://launchpad.net/ubuntu/+source/linux-firmware/1.169.1<br /> https://launchpad.net/ubuntu/+source/linux-firmware/1.164.2<br /> https://launchpad.net/ubuntu/+source/linux-firmware/1.157.14<br /> https://launchpad.net/ubuntu/+source/linux-firmware/1.127.24<br /><br />-----BEGIN PGP SIGNATURE-----<br /><br />iQIcBAABCgAGBQJaJ5cVAAoJEC8Jno0AXoH08+gP/1PGOulY6p5VuPuMJGFTBQzK<br />pYte+8LWroKzOQCJzGgqdW6pXTmH6+4wwlsZVg/220ir+XMO1MRUX0Sfz1fKqBjF<br />NRbtnZHdfIVeun3so3kwPrVQJbAfMh5C1n4xdpl/0AUpFGbLPSdQfzhLHCswZB4U<br />ylLLj1s2rANNfqmPp/LF5n4Gaq0PhW9GBM+zNDgc3kVa185zVlYcyjeTNum8fFAB<br />ULqsRohdil4oZEjyJNGb1/NL+9FFsj9dNLhhyM5t7qdqkPG1Yji8MhsOASsetVru<br />f0ZoY5uWPurppvW64EyGN6F6n86Yc/hPZ3X100JeSGSRU2KXJB3BtBU0QVre9WFt<br />iaR8sgVmEd9f89pzTWGkHHbMSKgKj4KHfQQd7ErzkfvmSrLcpc8M2iHIGF0oh4xe<br />LVBZlp/9m9yEAW7SS+C7gO3zO1Ps7RJbNPqdlRdlAfSgR0ZENjeB2bbnlZh618XT<br />KBUH9eRf2+AlNSUb700O2GIWHgAov9gRr+4XrKXLbw7owElE7Hjv0QsDcZ3aJO/P<br />nH/hDJhy3mV5quLCydyvjT0Z7yj6U6MutKY3/sZbeU8bnx/alnaruinuZVcoNOon<br />ymPfm9xgWbzxn8kHLH/RJ8i9wRWqceyjLYR4X91XWRHEn5t4j7SBCxwXhfsXk92h<br />mo7JXltjd5bKiHDW0GPB<br />=z3T1<br />-----END PGP SIGNATURE-----<br />--</p>
Otkriveni su sigurnosni nedostaci u programskom paketu linux-firmware operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija. Savjetuje se ažuriranje izdanim zakrpama.