Improper Verification of Cryptographic Signature Affecting firmware-nonfree package, versions <20190114-1
- Snyk ID SNYK-DEBIANUNSTABLE-FIRMWARENONFREE-268101
- published 7 Aug 2018
- disclosed 7 Aug 2018
How to fix?
Upgrade Debian:unstable firmware-nonfree to version 20190114-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream firmware-nonfree package and not the firmware-nonfree package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
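The validation this description says may be missing, shown as an added example (not code from the advisory or from any vendor): before a peer's ECDH public key is used, confirm the point lies on the curve. It assumes NIST P-256, the curve used by Bluetooth LE Secure Connections, and a SEC1 uncompressed encoding; the function names and sample keys are constructed for illustration.

```python
from typing import Tuple

# NIST P-256 (secp256r1) domain parameters, as published in FIPS 186-4 / SEC 2.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def on_curve(x: int, y: int) -> bool:
    """Return True only if (x, y) is a valid affine point on P-256."""
    # Both coordinates must be canonical field elements in [0, p-1].
    if not (0 <= x < P and 0 <= y < P):
        return False
    # Curve equation y^2 = x^3 + a*x + b (mod p). P-256 has cofactor 1,
    # so an on-curve affine point is already in the prime-order group.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_public_key(encoded: bytes) -> Tuple[int, int]:
    """Decode a SEC1 uncompressed point; raise ValueError unless it is on P-256."""
    if len(encoded) != 65 or encoded[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point")
    x = int.from_bytes(encoded[1:33], "big")
    y = int.from_bytes(encoded[33:65], "big")
    # Check BOTH coordinates against the curve equation before any
    # scalar multiplication is performed with this point.
    if not on_curve(x, y):
        raise ValueError("peer public key is not on P-256")
    return x, y


def encode_point(x: int, y: int) -> bytes:
    """Helper for the constructed samples below (SEC1 uncompressed form)."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


# Constructed samples: the curve generator (valid) and the same point with
# an altered y-coordinate (invalid, must be rejected).
VALID_KEY = encode_point(GX, GY)
INVALID_KEY = encode_point(GX, GY + 1)

if __name__ == "__main__":
    print(parse_peer_public_key(VALID_KEY) == (GX, GY))
    try:
        parse_peer_public_key(INVALID_KEY)
    except ValueError as err:
        print("rejected:", err)
```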
References
- https://security-tracker.debian.org/tracker/CVE-2018-5383
- https://www.kb.cert.org/vuls/id/304725
- https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
- https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
- http://www.cs.technion.ac.il/~biham/BT/
- https://access.redhat.com/errata/RHSA-2019:2169
- http://www.securityfocus.com/bid/104879
- http://www.securitytracker.com/id/1041432
- https://usn.ubuntu.com/4351-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4118-1/