Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Debian 8 Jessie DLA-1573-1 Critical: Broadcom BCM43xx Wifi Threats

debian lts
Calendar Grey November 13, 2018
Dist Debian Esm H88
Essential security patches have been released targeting various vulnerabilities in Broadcom BCM43xx Wi-Fi chipsets specifically for Debian operating system users.
Several vulnerabilities have been discovered in the firmware for Broadcom BCM43xx wifi chips that may lead to a privilege escalation or loss of confidentiality

Summary

Broadgate Team discovered flaws in packet processing in the
Broadcom wifi firmware and proprietary drivers that could lead to
remote code execution. However, this vulnerability is not
believed to affect the drivers used in Debian.

CVE-2017-0561

Gal Beniamini of Project Zero discovered a flaw in the TDLS
implementation in Broadcom wifi firmware. This could be exploited
by an attacker on the same WPA2 network to execute code on the
wifi microcontroller.

CVE-2017-9417 / #869639

Nitay Artenstein of Exodus Intelligence discovered a flaw in the
WMM implementation in Broadcom wifi firmware. This could be
exploited by a nearby attacker to execute code on the wifi
microcontroller.

CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven
discovered multiple vulnerabilities in the WPA protocol used for
authentication in wireless networks, dubbed "KRACK".

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: firmware-nonfree
Version: 20161130-4~deb8u1
CVE ID: CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077
Debian Bug: 620066 724970 769633 774914 790061 793544 793874 795303

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.