16 Oct
2017
16 Oct
'17
23:53
To whom it may concern:
I call your attention to the patch in
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=fd….
It is a part of the fix for CVE--2017-13080.
Larry
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org
17 Oct
17 Oct
07:34
On Monday, 16 October 2017 23:53 Larry Finger wrote:
To whom it may concern:
I call your attention to the patch in
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?
id=fdf7cb4185b60c68e1a75e61691c4afdc15dea0e.
It is a part of the fix for CVE--2017-13080.
Thank you for the warning. I don't know the whole context so I would
like to ask how urgent the issue is. In particular, is it OK to wait
for the resolution of this comment
http://lkml.kernel.org/r/CAHmME9rHMMAgJs3uQYpt15V8eh-PjDqioqURA3KPKEhc2a9OE…
or would it make sense to add the patch now (either with memcmp() or
with crypto_memneq()) and update later?
Michal Kubeček
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org
08:01
New subject: [security-team] [opensuse-kernel] CVE--2017-13080
On Tue, Oct 17, 2017 at 07:34:50AM +0200, Michal Kubecek wrote:
On Monday, 16 October 2017 23:53 Larry Finger wrote:
I opened bug 1063667.
Are you aware of any other fixes related to KRACK in the kernel mac80211 or other
frameworks?
Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org
To whom it may concern:
I call your attention to the patch in
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?
id=fdf7cb4185b60c68e1a75e61691c4afdc15dea0e.
It is a part of the fix for CVE--2017-13080.
Thank you for the warning. I don't know the whole context so I would
like to ask how urgent the issue is. In particular, is it OK to wait
for the resolution of this comment
http://lkml.kernel.org/r/CAHmME9rHMMAgJs3uQYpt15V8eh-PjDqioqURA3KPKEhc2a9OE…
or would it make sense to add the patch now (either with memcmp() or
with crypto_memneq()) and update later?
08:13
On Tuesday, 17 October 2017 7:34 Michal Kubecek wrote:
On Monday, 16 October 2017 23:53 Larry Finger wrote:
OK, so it didn't take too long:
http://lkml.kernel.org/r/1508219181.10607.45.camel@sipsolutions.net
Sounds quite convincing to me.
Michal Kubeček
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org
To whom it may concern:
I call your attention to the patch in
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit
/? id=fdf7cb4185b60c68e1a75e61691c4afdc15dea0e.
It is a part of the fix for CVE--2017-13080.
Thank you for the warning. I don't know the whole context so I would
like to ask how urgent the issue is. In particular, is it OK to wait
for the resolution of this comment
http://lkml.kernel.org/r/CAHmME9rHMMAgJs3uQYpt15V8eh-PjDqioqURA3KPKEh
c2a9OEg(a)mail.gmail.com
or would it make sense to add the patch now (either with memcmp() or
with crypto_memneq()) and update later?
16:06
On 10/17/2017 01:13 AM, Michal Kubecek wrote:
On Tuesday, 17 October 2017 7:34 Michal Kubecek
wrote:
Yes, this is a serious problem for openSUSE (and other Linux systems) when
operating on a WPA network in a location where you cannot observe everyone that
might be listening to the radio traffic. At home this will not be as severe a
problem if you can trust your neighbors.
As you saw in the reference above, Johannes Berg argued that memcmp() is
sufficient and that crypto_memneq() would be overkill. My understanding is that
this change is all that will be needed for the kernel, but there will need to be
changes in wpa_supplicant.
Thanks for your attention,
Larry
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org
On Monday, 16 October 2017 23:53 Larry Finger
wrote:
OK, so it didn't take too long:
http://lkml.kernel.org/r/1508219181.10607.45.camel@sipsolutions.net
Sounds quite convincing to me. To whom it may concern:
I call your attention to the patch in
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit
/? id=fdf7cb4185b60c68e1a75e61691c4afdc15dea0e.
It is a part of the fix for CVE--2017-13080.
Thank you for the warning. I don't know the whole context so I would
like to ask how urgent the issue is. In particular, is it OK to wait
for the resolution of this comment
http://lkml.kernel.org/r/CAHmME9rHMMAgJs3uQYpt15V8eh-PjDqioqURA3KPKEh
c2a9OEg(a)mail.gmail.com
or would it make sense to add the patch now (either with memcmp() or
with crypto_memneq()) and update later?
1343
days inactive
1344
days old
4 comments
3 participants
participants (3)
-
Larry Finger -
Marcus Meissner -
Michal Kubecek