[Secure-testing-team] Bug#869639: firmware-brcm80211: BroadPwn vulnerability CVE-2017-8386
Mark Robinson
mark at zl2tod.net
Tue Jul 25 08:06:29 UTC 2017
Package: firmware-brcm80211
Version: 0.43
Severity: critical
Tags: security upstream
Justification: root security hole
Dear Maintainer,
CVE-2017-8386 "BroadPwn" has been around for a while.
It seems Debian ships the relevant firmware in this package.
Could I impose on you to ensure that all is as it should be?
Many thanks.
Mark
https://nvd.nist.gov/vuln/detail/CVE-2017-8386
https://security-tracker.debian.org/tracker/CVE-2017-9417
https://packages.debian.org/search?keywords=firmware-brcm80211
http://boosterok.com/blog/broadpwn/
-- System Information:
Debian Release: 8.9
APT prefers testing
APT policy: (1000, 'testing'), (1000, 'stable'), (1000, 'oldstable'), (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the Secure-testing-team
mailing list