| Description: | Summary:
The remote host is missing an update for the 'kernel-firmware-nonfree, radeon-firmware' package(s) announced via the MGASA-2017-0472 advisory.
Vulnerability Insight:
Updated nonfree firmwares fixes at least the following security issues:
Broadcom firmware fixes:
- dropping BRCM proprietary packets received over the air (CVE-2016-0801)
- adding length checks for TDLS action frames (CVE-2017-0561)
- adding length checks for WME IE (CVE-2017-9417)
Iwlwifi firmware fixes:
- The reinstallation of the Group Temporal key could be used for replay
attacks (CVE-2017-13080)
- The reinstallation of the Integrity Group Temporal key could be used
for replay attacks (CVE-2017-13081)
This update also adds updated firmwares:
* ath10k, cxgb4, liquidio, mrvl, ql2400, ql2500, wilc1000
* Amd Polaris10-12, Intel BXT/SKL/KBL/CNL
and new firmwares:
* Amd Vega10 and Raven
* Cavium nitrox
* Intel CNL/GLK, IPU3, JeffersonPeak, ThunderPeak
* Mellanox Spectrum
* nVidia GP108 (GTX1030)
* Qualcom Adreno &Venus, imx SDMA,
* Realtek rtl8822be
in order to support new hardware supported by 4.14 series kernels.
Affected Software/OS:
'kernel-firmware-nonfree, radeon-firmware' package(s) on Mageia 6.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
