lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 26 Feb 2020 23:16:32 +0100
From:   Hans de Goede <hdegoede@...hat.com>
To:     Chi-Hsien Lin <chi-hsien.lin@...ress.com>,
        Chirjeev Singh <Chirjeev.Singh@...ress.com>,
        Chung-Hsien Hsu <cnhu@...ress.com>
Cc:     linux-firmware@...nel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Updating cypress/brcm firmware in linux-firmware for CVE-2019-15126

Hello Cypress people,

Can we please get updated firmware for
brcm/brcmfmac4356-pcie.bin and brcm/brcmfmac4356-sdio.bin
fixing CVE-2019-15126 as well as for any other affected
models (the 4356 is explicitly named in the CVE description) ?

The current Cypress firmware files in linux-firmware are
quite old, e.g. for brcm/brcmfmac4356-pcie.bin linux-firmware has:
version 7.35.180.176 dated 2017-10-23, way before the CVE

Where as https://community.cypress.com/docs/DOC-19000 /
cypress-fmac-v4.14.77-2020_0115.zip has:
version 7.35.180.197 which presumably contains a fix (no changelog)

Regards,

Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ