lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200528103432.irmsaaz72x3xophg@pali>
Date:   Thu, 28 May 2020 12:34:32 +0200
From:   Pali Rohár <pali@...nel.org>
To:     Ganapathi Bhat <ganapathi.bhat@....com>
Cc:     Amitkumar Karwar <amitkarwar@...il.com>,
        Xinming Hu <huxinming820@...il.com>,
        Marek Behún <marek.behun@....cz>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [EXT] mwifiex: Firmware name for W8997 sdio wifi chip

On Saturday 16 May 2020 08:17:17 Ganapathi Bhat wrote:
> Hi Pali,
> 
> Thanks for this notice. We will try to push the new firmware and also, fix the naming problem.
> 
> Regards,
> Ganapathi

Hello Ganapathi!

According to publicly available information, firmware for these W8xxx
Marvell wifi chips is vulnerable to security issue CVE-2019-6496 [1].

Are you able to update firmwares to the last versions and give us some
information which (old) firmware versions are affected by that security
issue?

So Linux distribution would know if they are distributing older
vulnerable firmwares and should push security fixes with new firmware
versions.

[1] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6496

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ