
Fedora 25: wpa_supplicant Security Advisory for Key Reinstallation Attacks

Distribution: Fedora
Date: October 17, 2017
Important patch released for Fedora 25 targeting vulnerabilities in wpa_supplicant to bolster protection against key reinstallation attacks, improving overall network safety.

Summary

wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.

Fix for the Key Reinstallation Attacks
======================================

- hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)
- Fix PTK rekeying to generate a new ANonce
- Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088)
- Prevent installation of an all-zero TK
- TDLS: Reject TPK-TK reconfiguration
- WNM: Ignore WNM-Sleep Mode Response without pending request
- FT: Do not allow multiple Reassociation Response frames

Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Details and the paper: https://www.krackattacks.com/
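The fix list above includes "Prevent reinstallation of an already in-use group key" and "Prevent installation of an all-zero TK". The following sketch is an added example, not wpa_supplicant's own code, showing why such a guard matters: installing the same key again resets its packet number, so later frames reuse packet numbers under the same key. The struct, function names and sample key are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TK_LEN 16

/* Hypothetical key slot for this example: the key in use and its transmit packet number (PN). */
struct key_slot { uint8_t tk[TK_LEN]; int installed; uint64_t tx_pn; };

enum install_result { KEY_INSTALLED, KEY_ALREADY_IN_USE, KEY_REJECTED_ZERO };
typedef enum install_result (*install_fn)(struct key_slot *, const uint8_t *);

/* Unguarded install: every call resets the PN, even for the key already in use. */
static enum install_result install_unguarded(struct key_slot *s, const uint8_t *tk)
{
    memcpy(s->tk, tk, TK_LEN);
    s->installed = 1;
    s->tx_pn = 0;
    return KEY_INSTALLED;
}

/* Guarded install: refuse an all-zero key; leave an in-use key and its PN untouched. */
static enum install_result install_guarded(struct key_slot *s, const uint8_t *tk)
{
    static const uint8_t zero[TK_LEN];
    if (memcmp(tk, zero, TK_LEN) == 0)
        return KEY_REJECTED_ZERO;
    if (s->installed && memcmp(s->tk, tk, TK_LEN) == 0)
        return KEY_ALREADY_IN_USE;
    return install_unguarded(s, tk);
}

/* Install a key, send some frames, then process a replayed handshake message
 * that delivers the same key again. Returns the PN the next frame would use. */
static uint64_t pn_after_replay(install_fn install, unsigned frames_sent)
{
    static const uint8_t tk[TK_LEN] = { 0x4b, 0x52, 0x41, 0x43, 0x4b, 1, 2, 3 }; /* constructed sample key */
    struct key_slot s = { {0}, 0, 0 };
    install(&s, tk);
    s.tx_pn += frames_sent;
    install(&s, tk);
    return s.tx_pn;
}

int main(void)
{
    printf("unguarded: next PN %llu\n", (unsigned long long)pn_after_replay(install_unguarded, 5));
    printf("guarded:   next PN %llu\n", (unsigned long long)pn_after_replay(install_guarded, 5));
    return 0;
}
```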

[ 1 ] Bug #1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://bugzilla.redhat.com/show_bug.cgi?id=1500304

[ 2 ] Bug #1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://bugzilla.redhat.com/show_bug.cgi?id=1500303

[ 3 ] Bug #1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it
https://bugzilla.redhat.com/show_bug.cgi?id=1491698

[ 4 ] Bug #1491697 - CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491697

[ 5 ] Bug #1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491696

[ 6 ] Bug #1491694 - CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491694

[ 7 ] Bug #1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491693

[ 8 ] Bug #1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491692

To install this update, run su -c 'dnf upgrade wpa_supplicant' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 25
Version: 2.6
Release: 3.fc25.1
Summary: WPA/WPA2/IEEE 802.1X Supplicant
