Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 03:51:27PM +, alexander.stef...@infineon.com wrote: > > > On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > > > On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > > > > wrote: > > > > > I'm implementing a fix for CVE-2017-15361 that simply blacklists

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 03:46:26PM +, alexander.stef...@infineon.com wrote: > > On Thu, Oct 26, 2017 at 12:26:10AM +0200, Peter Huewe wrote: > > > > > > > > > On 25 October 2017 20:53:49 CEST, Jarkko Sakkinen wrote > > : > > > >On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote:

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 07:02:37PM +0200, Jarkko Sakkinen wrote: > On Thu, Oct 26, 2017 at 04:57:48PM +0200, Michal Suchánek wrote: > > On Thu, 26 Oct 2017 16:06:02 +0200 > > Jarkko Sakkinen wrote: > > > > > On Thu, Oct 26, 2017 at 02:59:02PM +0200, Michal Suchánek wrote: > > > > It does not

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 04:57:48PM +0200, Michal Suchánek wrote: > On Thu, 26 Oct 2017 16:06:02 +0200 > Jarkko Sakkinen wrote: > > > On Thu, Oct 26, 2017 at 02:59:02PM +0200, Michal Suchánek wrote: > > > It does not really matter. People ignore the messages unless looking > > > for something

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 03:42:27PM +, alexander.stef...@infineon.com wrote: > As far as I know, the kernel itself is not using any of the affected > functionalities, so there is no need for an immediate mitigation > within the kernel. But I'd like to hear about how similar issues were >

RE: Fixing CVE-2017-15361

2017-10-26 Thread Alexander.Steffen
> > On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > > On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > > > wrote: > > > > I'm implementing a fix for CVE-2017-15361 that simply blacklists > > > > vulnerable FW versions. I think this is the only responsible action from > > >

RE: Fixing CVE-2017-15361

2017-10-26 Thread Alexander.Steffen
> On Thu, Oct 26, 2017 at 12:26:10AM +0200, Peter Huewe wrote: > > > > > > On 25 October 2017 20:53:49 CEST, Jarkko Sakkinen wrote > : > > >On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > >> On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > > >> wrote: > > >> > I'm

RE: Fixing CVE-2017-15361

2017-10-26 Thread Alexander.Steffen
> On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > > wrote: > > > I'm implementing a fix for CVE-2017-15361 that simply blacklists > > > vulnerable FW versions. I think this is the only responsible action from > > > my side

Re: Fixing CVE-2017-15361

2017-10-26 Thread Michal Suchánek
On Thu, 26 Oct 2017 16:06:02 +0200 Jarkko Sakkinen wrote: > On Thu, Oct 26, 2017 at 02:59:02PM +0200, Michal Suchánek wrote: > > It does not really matter. People ignore the messages unless looking > > for something specific as you already noticed. Warn seems adequate > > because the cipher is

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 02:59:02PM +0200, Michal Suchánek wrote: > It does not really matter. People ignore the messages unless looking > for something specific as you already noticed. Warn seems adequate > because the cipher is weaker than expected but not known to > be compromised. People who

Re: Fixing CVE-2017-15361

2017-10-26 Thread Michal Suchánek
On Thu, 26 Oct 2017 13:16:32 +0200 Jarkko Sakkinen wrote: > On Thu, Oct 26, 2017 at 12:26:10AM +0200, Peter Huewe wrote: > > > > > > On 25 October 2017 20:53:49 CEST, Jarkko Sakkinen wrote > > : > > >On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > >> On Wed, Oct 25,

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 01:16:32PM +0200, Jarkko Sakkinen wrote: > On Thu, Oct 26, 2017 at 12:26:10AM +0200, Peter Huewe wrote: > > > > > > On 25 October 2017 20:53:49 CEST, Jarkko Sakkinen wrote > > : > > >On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > >> On Wed, Oct

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Thu, Oct 26, 2017 at 12:26:10AM +0200, Peter Huewe wrote: > > > On 25 October 2017 20:53:49 CEST, Jarkko Sakkinen wrote > : > >On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > >> On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > >> wrote: > >> > I'm implementing a fix

Re: Fixing CVE-2017-15361

2017-10-26 Thread Jarkko Sakkinen
On Wed, Oct 25, 2017 at 01:22:21PM -0700, Jerry Snitselaar wrote: > On Wed Oct 25 17, Jarkko Sakkinen wrote: > > On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > > > On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > > > wrote: > > > > I'm implementing a fix for CVE-2017-15361

Re: Fixing CVE-2017-15361

2017-10-25 Thread Peter Huewe
On 25 October 2017 20:53:49 CEST, Jarkko Sakkinen wrote : >On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: >> On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen >> wrote: >> > I'm implementing a fix for CVE-2017-15361 that simply blacklists >> > vulnerable FW versions. I think

Re: Fixing CVE-2017-15361

2017-10-25 Thread Jerry Snitselaar
On Wed Oct 25 17, Jarkko Sakkinen wrote: On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen wrote: > I'm implementing a fix for CVE-2017-15361 that simply blacklists > vulnerable FW versions. I think this is the only responsible

Re: Fixing CVE-2017-15361

2017-10-25 Thread Jarkko Sakkinen
On Wed, Oct 25, 2017 at 07:17:17AM -0700, Matthew Garrett wrote: > On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen > wrote: > > I'm implementing a fix for CVE-2017-15361 that simply blacklists > > vulnerable FW versions. I think this is the only responsible action from > > my side that I can do.

Re: Fixing CVE-2017-15361

2017-10-25 Thread Matthew Garrett
On Wed, Oct 25, 2017 at 6:44 AM, Jarkko Sakkinen wrote: > I'm implementing a fix for CVE-2017-15361 that simply blacklists > vulnerable FW versions. I think this is the only responsible action from > my side that I can do. I'm not sure this is ideal - do Infineon have any Linux tooling for

Fixing CVE-2017-15361

2017-10-25 Thread Jarkko Sakkinen
I'm implementing a fix for CVE-2017-15361 that simply blacklists vulnerable FW versions. I think this is the only responsible action from my side that I can do. /arkko
