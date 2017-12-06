

==========================================================================

Ubuntu Security Notice USN-3505-1

December 06, 2017



linux-firmware vulnerabilities

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.10

- Ubuntu 17.04

- Ubuntu 16.04 LTS

- Ubuntu 14.04 LTS



Summary:



Several security issues were fixed in linux-firmware.



Software Description:

- linux-firmware: Firmware for Linux kernel drivers



Details:



Mathy Vanhoef discovered that the firmware for several Intel WLAN

devices incorrectly handled WPA2 in relation to Wake on WLAN. A

remote attacker could use this issue with key reinstallation attacks

to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 17.10:

linux-firmware 1.169.1



Ubuntu 17.04:

linux-firmware 1.164.2



Ubuntu 16.04 LTS:

linux-firmware 1.157.14



Ubuntu 14.04 LTS:

linux-firmware 1.127.24



After a standard system update you need to reboot your computer to make

all the necessary changes.



References:

https://www.ubuntu.com/usn/usn-3505-1

CVE-2017-13080, CVE-2017-13081



Package Information:

https://launchpad.net/ubuntu/+source/linux-firmware/1.169.1

https://launchpad.net/ubuntu/+source/linux-firmware/1.164.2

https://launchpad.net/ubuntu/+source/linux-firmware/1.157.14

https://launchpad.net/ubuntu/+source/linux-firmware/1.127.24





