Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0104)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0104

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0104)

Resumen: The remote host is missing an update for the 'kernel-firmware-nonfree' package(s) announced via the MGASA-2021-0104 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-firmware-nonfree' package(s) announced via the MGASA-2021-0104 advisory.

Vulnerability Insight:
Updated nonfree firmwares fixees various issues, adds new / improved
hardware support and fixes at least the following security issue:

An issue was discovered on Broadcom Wi-Fi client devices. Specifically
timed and handcrafted traffic can cause internal errors (related to
state transitions) in a WLAN device that lead to improper layer 2
Wi-Fi encryption with a consequent possibility of information
disclosure over the air for a discrete set of traffic (CVE-2019-15126).

Full list of updates:
* kernel-firmware-nonfree:
- add firmware for Lontium LT9611UXC DSI to HDMI bridge
- brcm: Add NVRAM for Vamrs 96boards Rock960
- brcm: make AP6212 in bananpi m2 plus/zero work
- brcm: Link RPi4's WiFi firmware with DMI machine name
- brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
- brcm: remove old brcm firmwares that have newer cypress variants
(CVE-2019-15126)
- cypress: Link the new cypress firmware to the old brcm files
(CVE-2019-15126)
- i915: Add GuC firmware v49.0.1 for all platforms
- i915: Add GuC v49.0.1 for DG1
- i915: Add HuC v7.7.1 for DG1
- i915: Add DMC v2.01 for ADL-S
- mediatek: update MT8173 VPU firmware to v1.1.6
- mediatek: add firmware for MT7921
- Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304
- qcom: add firmware files for Adreno a650
- qcom: Add SM8250 Audio DSP firmware
- qcom: Add SM8250 Compute DSP firmware
- qcom: Add venus firmware files for VPU-1.0

* iwlwifi-firmware:
- Update firmware for Intel Bluetooth AX200, AX201, AX210 to 22.30.0.4

* rtlwifi-firmware:
- rtw89: 8852a: add firmware v0.9.12.2

Affected Software/OS:
'kernel-firmware-nonfree' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
2.9

CVSS Vector:
AV:A/AC:M/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-15126
Cisco Security Advisory: 20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0104
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0104)
Resumen:	The remote host is missing an update for the 'kernel-firmware-nonfree' package(s) announced via the MGASA-2021-0104 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-firmware-nonfree' package(s) announced via the MGASA-2021-0104 advisory. Vulnerability Insight: Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes at least the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (CVE-2019-15126). Full list of updates: * kernel-firmware-nonfree: - add firmware for Lontium LT9611UXC DSI to HDMI bridge - brcm: Add NVRAM for Vamrs 96boards Rock960 - brcm: make AP6212 in bananpi m2 plus/zero work - brcm: Link RPi4's WiFi firmware with DMI machine name - brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes - brcm: remove old brcm firmwares that have newer cypress variants (CVE-2019-15126) - cypress: Link the new cypress firmware to the old brcm files (CVE-2019-15126) - i915: Add GuC firmware v49.0.1 for all platforms - i915: Add GuC v49.0.1 for DG1 - i915: Add HuC v7.7.1 for DG1 - i915: Add DMC v2.01 for ADL-S - mediatek: update MT8173 VPU firmware to v1.1.6 - mediatek: add firmware for MT7921 - Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304 - qcom: add firmware files for Adreno a650 - qcom: Add SM8250 Audio DSP firmware - qcom: Add SM8250 Compute DSP firmware - qcom: Add venus firmware files for VPU-1.0 * iwlwifi-firmware: - Update firmware for Intel Bluetooth AX200, AX201, AX210 to 22.30.0.4 * rtlwifi-firmware: - rtw89: 8852a: add firmware v0.9.12.2 Affected Software/OS: 'kernel-firmware-nonfree' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 2.9 CVSS Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15126 Cisco Security Advisory: 20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
Copyright	Copyright (C) 2022 Greenbone AG