First Last Prev Next    This bug is not in your last search results.
Bug 1066295 - VUL-0: CVE-2017-13080 CVE-2017-13081: kernel-firmware: KRACK attack [SLE15 Beta1] F/W update for 3160, 3168, 7260, 7265, 7265D and new F/W for 8260 and 8265
VUL-0: CVE-2017-13080 CVE-2017-13081: kernel-firmware: KRACK attack [SLE15 Be...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
x86-64 SLES 15
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:63929:important maint:r...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-03 02:13 UTC by Lin Wang
Modified: 2018-01-18 09:20 UTC (History)
14 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lin Wang 2017-11-03 02:13:19 UTC 
Intel just published firmware updates including security fix for 3160, 3168, 7260, 7265 and 7265D, the patch in iwlwifi/linux-firmware.git is here:
https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git/commit/?id=11e310f97470f91e26e6f3408b09871fd6cd3c5c

This firmware update will fix the CVEs there for WOWLAN operation only,CVE numbers listed in www.krackattacks.com.

For 8260 and 8265, there is a new firmware version available(-34.ucode): https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git/commit/?id=348d2b53326bcef4c260037cc7a6006fc80ca5bb
Comment 1 Takashi Iwai 2017-11-03 07:09:44 UTC 
Both updates are necessary for SLE12-SP2/SP3, at least.

Security team: which CVE number(s) should be included in the changelog for this case?  There are multiple numbers listed for KRACK.
Comment 2 Marcus Meissner 2017-11-06 12:04:57 UTC 
Intel?

Can Intel specify which of the CVEs are fixed?
Comment 8 Marcus Meissner 2017-11-15 13:15:33 UTC 
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

CVE-2017-13080 CVE-2017-13081 seems to affect the wireless drivers.

others seem for atom processorrs and things we do not ship as firmware.

So mention these two CVEs please in your submissions.
Comment 9 Takashi Iwai 2017-11-15 16:00:04 UTC 
The fix was submitted to FACTORY and SLE12-SP2:Update.
The kernels for older distros don't support the updated firmware versions.

Reassigned back to security team.
Comment 11 Swamp Workflow Management 2017-11-27 21:19:23 UTC 
SUSE-SU-2017:3106-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1066295
CVE References: CVE-2017-13080,CVE-2017-13081
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-firmware-20170530-21.13.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-firmware-20170530-21.13.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-firmware-20170530-21.13.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-firmware-20170530-21.13.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-firmware-20170530-21.13.1
SUSE Container as a Service Platform ALL (src):    kernel-firmware-20170530-21.13.1
Comment 12 Swamp Workflow Management 2017-11-30 02:12:57 UTC 
openSUSE-SU-2017:3144-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1066295
CVE References: CVE-2017-13080,CVE-2017-13081
Sources used:
openSUSE Leap 42.3 (src):    kernel-firmware-20170530-11.1
openSUSE Leap 42.2 (src):    kernel-firmware-20170530-7.9.1
Comment 13 Marcus Meissner 2017-11-30 06:59:51 UTC 
released
Comment 17 Swamp Workflow Management 2018-01-08 20:09:02 UTC 
SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245
CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
First Last Prev Next    This bug is not in your last search results.