--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2017-f45e844a85
2017-10-17 00:11:41.919108
--------------------------------------------------------------------------------Name        : wpa_supplicant
Product     : Fedora 27
Version     : 2.6
Release     : 11.fc27
URL         : http://w1.fi/wpa_supplicant/
Summary     : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.

--------------------------------------------------------------------------------Update Information:

Fix the for the Key Reinstallation Attacks
==========================================  - hostapd: Avoid key reinstallation
in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce -Prevent reinstallation of an already in-use group key and extend   protection of
GTK/IGTK reinstallation of WNM-Sleep Mode cases   (CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,   CVE-2017-13087,
CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK
reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request -FT: Do not allow multiple Reassociation Response frames  Upstream advisory:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Details and the paper: https://www.krackattacks.com/
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
        https://bugzilla.redhat.com/show_bug.cgi?id=1500304
  [ 2 ] Bug #1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
        https://bugzilla.redhat.com/show_bug.cgi?id=1500303
  [ 3 ] Bug #1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it
        https://bugzilla.redhat.com/show_bug.cgi?id=1491698
  [ 4 ] Bug #1491697 - CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=1491697
  [ 5 ] Bug #1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=1491696
  [ 6 ] Bug #1491694 - CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=1491694
  [ 7 ] Bug #1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=1491693
  [ 8 ] Bug #1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=1491692
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade wpa_supplicant' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 27: wpa_supplicant Security Update

October 17, 2017
Fix the for the Key Reinstallation Attacks in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and ...

Summary

wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support

for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA

component that is used in the client stations. It implements key negotiation

with a WPA Authenticator and it controls the roaming and IEEE 802.11

authentication/association of the wlan driver.

Fix the for the Key Reinstallation Attacks

========================================== - hostapd: Avoid key reinstallation

in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce -Prevent reinstallation of an already in-use group key and extend protection of

GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078,

CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,

CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK

reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request -FT: Do not allow multiple Reassociation Response frames Upstream advisory:

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Details and the paper: https://www.krackattacks.com/

[ 1 ] Bug #1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

https://bugzilla.redhat.com/show_bug.cgi?id=1500304

[ 2 ] Bug #1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

https://bugzilla.redhat.com/show_bug.cgi?id=1500303

[ 3 ] Bug #1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it

https://bugzilla.redhat.com/show_bug.cgi?id=1491698

[ 4 ] Bug #1491697 - CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake

https://bugzilla.redhat.com/show_bug.cgi?id=1491697

[ 5 ] Bug #1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake

https://bugzilla.redhat.com/show_bug.cgi?id=1491696

[ 6 ] Bug #1491694 - CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake

https://bugzilla.redhat.com/show_bug.cgi?id=1491694

[ 7 ] Bug #1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake

https://bugzilla.redhat.com/show_bug.cgi?id=1491693

[ 8 ] Bug #1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake

https://bugzilla.redhat.com/show_bug.cgi?id=1491692

su -c 'dnf upgrade wpa_supplicant' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2017-f45e844a85 2017-10-17 00:11:41.919108 Product : Fedora 27 Version : 2.6 Release : 11.fc27 URL : http://w1.fi/wpa_supplicant/ Summary : WPA/WPA2/IEEE 802.1X Supplicant Description : wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce -Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request -FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Details and the paper: https://www.krackattacks.com/ [ 1 ] Bug #1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame https://bugzilla.redhat.com/show_bug.cgi?id=1500304 [ 2 ] Bug #1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame https://bugzilla.redhat.com/show_bug.cgi?id=1500303 [ 3 ] Bug #1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it https://bugzilla.redhat.com/show_bug.cgi?id=1491698 [ 4 ] Bug #1491697 - CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491697 [ 5 ] Bug #1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491696 [ 6 ] Bug #1491694 - CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491694 [ 7 ] Bug #1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491693 [ 8 ] Bug #1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491692 su -c 'dnf upgrade wpa_supplicant' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 27
Version : 2.6
Release : 11.fc27
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved