Bug 23314 - Update request: nonfree firmwares, snapshot 20180606
Summary: Update request: nonfree firmwares, snapshot 20180606
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: mga6-64-ok, mga6-32-ok
Keywords: advisory, validated_update
Depends on:
Blocks: 23315
  Show dependency treegraph
 
Reported: 2018-07-17 13:14 CEST by Thomas Backlund
Modified: 2018-07-25 10:25 CEST (History)
5 users (show)

See Also:
Source RPM: kernel-firmware-nonfree, radeon-firmware
CVE:
Status comment:


Attachments

Description Thomas Backlund 2018-07-17 13:14:19 CEST
Security fixes for bcm4356, bcm4354, bcm43362, bcm43340, bcm43430
CVE-2017-13077 - dropping replayed M3 for offloaded 4-way handshake. CVE-2017-13078 - dropping replayed M3 for offloaded 4-way handshake. CVE-2017-13079 - dropping replayed M3 for offloaded 4-way handshake. CVE-2017-13080 - dropping replayed G1 for offloaded GTK rekey. CVE-2017-13081 - dropping replayed G1 for offloaded GTK rekey.
CVE-2017-13081 - dropping replayed G1 for offloaded GTK rekey.


Other fixes: 
Updated bluethooth firmwares for Intel 7260, 7265, 8260

fixed firmware for Amd Vega10 VCE
Comment 1 Thomas Backlund 2018-07-17 13:20:12 CEST
SRPMS:
kernel-firmware-nonfree-20180606-1.mga6.nonfree.src.rpm
radeon-firmware-20180606-1.mga6.nonfree.src.rpm

i586:
iwlwifi-firmware-20180606-1.mga6.nonfree.noarch.rpm
kernel-firmware-nonfree-20180606-1.mga6.nonfree.noarch.rpm
radeon-firmware-20180606-1.mga6.nonfree.noarch.rpm
ralink-firmware-20180606-1.mga6.nonfree.noarch.rpm
rtlwifi-firmware-20180606-1.mga6.nonfree.noarch.rpm

x86_64:
iwlwifi-firmware-20180606-1.mga6.nonfree.noarch.rpm
kernel-firmware-nonfree-20180606-1.mga6.nonfree.noarch.rpm
radeon-firmware-20180606-1.mga6.nonfree.noarch.rpm
ralink-firmware-20180606-1.mga6.nonfree.noarch.rpm
rtlwifi-firmware-20180606-1.mga6.nonfree.noarch.rpm
Comment 2 Thomas Backlund 2018-07-17 13:27:41 CEST
Already in use on Mageia infra, my own server, workstation and laptop
Comment 3 Len Lawrence 2018-07-17 17:34:04 CEST
Installed these packages on my production machine, an nvidia system without wifi.
Kernel: 4.14.50-desktop-2.mga6 x86_64
Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3834/4000 MHz
desktop Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
Graphics:  Card: NVIDIA GM204 [GeForce GTX 970]
RAM:       32 GB

After reboot:
$ rpm -qa | grep firmware
kernel-firmware-nonfree-20180606-1.mga6.nonfree
radeon-firmware-20180606-1.mga6.nonfree
rtlwifi-firmware-20180606-1.mga6.nonfree
kernel-firmware-20170531-1.mga6
ralink-firmware-20180606-1.mga6.nonfree
bluez-firmware-1.2-13.mga6.nonfree
iwlwifi-firmware-20180606-1.mga6.nonfree

CC: (none) => tarazed25

Thomas Backlund 2018-07-18 00:45:07 CEST

Blocks: (none) => 23315

Comment 4 Morgan Leijström 2018-07-18 02:19:15 CEST
Two machines updated to all updates in all updates_testing repos

1)  64 bit OK on my workstation: i7-2600K, Nvidia GTX750 (GM107) using proprietary driver GeForce 420 and later, BOINC, LVM on LUKS on SSD, no wifi hw.

2) 64 bit on laptop Thinkpad T60, CPU core2Duo T5600, ati RV515/M54 X1400, wifi AR5418. Resume from suspend and hibernation *) OK except wifi need to be reconnected manually :/ (regression)

*) using Fn+F4 and Fn+F12 respectively - Somehow the Plasma battery icon have gone missing and logout menu do not contain suspend nor hibernate any longer!

CC: (none) => fri

Comment 5 Thomas Andrews 2018-07-18 04:50:11 CEST
Real MBR hardware, Athlon X2, 8GB, nvidia 9800GT video, Atheros wifi. 64-bit Plasma system, using the server kernel.

Updated microcode, nonfree firmware, and server kernel in one operation. Packages all installed cleanly. Rebooted, tried all the usual suspects, no regressions noted.

CC: (none) => andrewsfarm

Comment 6 Thomas Andrews 2018-07-18 14:21:39 CEST
Real hardware, HP 6550b, i3,8GB, Intel graphics, Intel wifi, 64-bit Plasma system, using the desktop kernel.

Performed the same tests as in Comment 5, with the same results.
Comment 7 James Kerr 2018-07-18 16:09:44 CEST
OK for mga6-64:

https://bugs.mageia.org/show_bug.cgi?id=23315#c8

CC: (none) => jim

Comment 8 James Kerr 2018-07-19 16:55:16 CEST
also OK for mga6-64 on an nvidia system

https://bugs.mageia.org/show_bug.cgi?id=23315#c9
Comment 9 Len Lawrence 2018-07-19 19:49:21 CEST
System:    Host: markab Kernel: 4.14.50-desktop-2.mga6 x86_64
CPU:       Quad core Intel Core i7-5700HQ (-HT-MCP-) speed/max: 2695/3500 MHz
           Mobo: GIGABYTE model: X5
Graphics:  Card-1: NVIDIA GM204M [GeForce GTX 965M]
           GLX Version: 4.6.0 NVIDIA 390.59

Updated microcode and latest firmware.
Rebooted fine.  No problems evident.
Comment 10 James Kerr 2018-07-20 11:37:41 CEST
OK for mga6-32

https://bugs.mageia.org/show_bug.cgi?id=23315#c11
Comment 11 Thomas Andrews 2018-07-20 14:09:57 CEST
Real hardware, Dell Inspiron 5100, P4, 1GB RAM, Radeon 7500 graphics, old Atheros wifi. Running 32-bit Plasma, using the VESA video driver because the radeon driver won't work with Plasma on this system.

Updated microcodes, nonfree firmware, and the desktop kernel all in one operation. Packages all installed cleanly. Reboot successful, no regressions noted.
Comment 12 Rémi Verschelde 2018-07-23 15:14:59 CEST
Tested OK on Mageia 6 x86_64, system described in bug 23316 comment 7.
Comment 13 Thomas Backlund 2018-07-25 08:44:13 CEST
Advisory (added to svn)

type: security
subject: Updated nonfree firmware packages fixes security vulnerabilities
CVE:
 - CVE-2017-13077
 - CVE-2017-13078
 - CVE-2017-13079
 - CVE-2017-13080
 - CVE-2017-13081
src:
  6:
   nonfree:
     - kernel-firmware-nonfree-20180606-1.mga6.nonfree
     - radeon-firmware-20180606-1.mga6.nonfree
description: |
  This firmware update fixes the following security issues:

  * bcm4356, bcm4354, bcm43362, bcm43340, bcm43430:
    - dropping replayed M3 for offloaded 4-way handshake
      (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079)
    - dropping replayed G1 for offloaded GTK rekey
      (CVE-2017-13080, CVE-2017-13081)

  Also in this update:

  * Updated bluethooth firmwares for Intel 7260, 7265, 8260
  * fixed firmware for Amd Vega10 VCE causing a hang
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23314

Keywords: (none) => advisory

Comment 14 Thomas Backlund 2018-07-25 10:00:33 CEST
Enough tests, validating

Whiteboard: (none) => mga6-64-ok, mga6-32-ok
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 15 Mageia Robot 2018-07-25 10:25:23 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0323.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.