The file you linked to does not contain any license information, without that we cannot incorporate it into Ubuntu. In searching I can't find specific information about which firmware version has the fix, but even the RPi-Distro github trees do not seem to have been updated. So I haven't been able to find an updated version of the firmware that we will be able to distribute.
Broadcom did push a version of the firmware to upstream linux-firmware at some point, and this is the version we have in Ubuntu's linux- firmware. The best case is for Broadcom to update the firmware there, then we can easily pull it into Ubuntu. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-firmware in Ubuntu. https://bugs.launchpad.net/bugs/1713276 Title: CVE-2017-9417 “Broadpwn” Status in linux-firmware package in Ubuntu: Confirmed Bug description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Cypress (was Broadcom) have given the Raspberry Pi foundation new releases of the WiFi and Bluetooth firmware to fix the problem. See https://github.com/raspberrypi/linux/issues/1342#issuecomment-321221748 The pre-release files found at the above link are now included in the latest release of raspbian stretch. Would it be possible to include these new files in the linux-firmware package? Please note at the moment the package is missing the file brcmfmac43430-sdio.txt. Without this file the wifi does not work on the raspberry pi 3. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1713276/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
