SUSE Security Update: Security update for wpa_supplicant
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1853-1
Rating:             important
References:         #1131644 #1131868 #1131870 #1131871 #1131872 
                    #1131874 #1133640 #1144443 #1156920 #1165266 
                    #1166933 #1167331 #1182805 #1194732 #1194733 
                    SLE-14992 
Cross-References:   CVE-2015-8041 CVE-2017-13077 CVE-2017-13078
                    CVE-2017-13079 CVE-2017-13080 CVE-2017-13081
                    CVE-2017-13082 CVE-2017-13086 CVE-2017-13087
                    CVE-2017-13088 CVE-2018-14526 CVE-2019-11555
                    CVE-2019-13377 CVE-2019-9494 CVE-2019-9495
                    CVE-2019-9497 CVE-2019-9498 CVE-2019-9499
                    CVE-2022-23303 CVE-2022-23304
CVSS scores:
                    CVE-2017-13077 (NVD) : 6.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13077 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13078 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2017-13078 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13079 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2017-13079 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13080 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2017-13080 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13081 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2017-13081 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13082 (NVD) : 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13082 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13086 (NVD) : 6.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13086 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13087 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2017-13087 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2017-13088 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2017-13088 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2018-14526 (NVD) : 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2018-14526 (SUSE): 5.9 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
                    CVE-2019-11555 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-11555 (SUSE): 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-13377 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2019-13377 (SUSE): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2019-9494 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2019-9494 (SUSE): 5.9 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
                    CVE-2019-9495 (NVD) : 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-9495 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
                    CVE-2019-9497 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-9497 (SUSE): 3.1 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-9498 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-9498 (SUSE): 6.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2019-9499 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-9499 (SUSE): 6.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-23303 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23303 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23304 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23304 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    HPE Helion Openstack 8
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes 20 vulnerabilities, contains one
   feature is now available.

Description:

   This update for wpa_supplicant fixes the following issues:

   - CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks
     (bsc#1194732, bsc#1194733)
   - CVE-2021-0326: Fixed P2P group information processing vulnerability
     (bsc#1181777)

   - Fix systemd device ready dependencies in [email protected]service file.
     (bsc#1182805)

   - Limit P2P_DEVICE name to appropriate ifname size
   - Enable SAE support(jsc#SLE-14992).
   - Fix wicked wlan (bsc#1156920)
   - Change wpa_supplicant.service to ensure wpa_supplicant gets started
     before network. Fix WLAN config on boot with wicked. (bsc#1166933)

   - Adjust the service to start after network.target wrt bsc#1165266

   Update to 2.9 release:

   * SAE changes
     - disable use of groups using Brainpool curves
     - improved protection against side channel attacks
       [https://w1.fi/security/2019-6/]
   * EAP-pwd changes
     - disable use of groups using Brainpool curves
     - allow the set of groups to be configured (eap_pwd_groups)
     - improved protection against side channel attacks
       [https://w1.fi/security/2019-6/]
   * fixed FT-EAP initial mobility domain association using PMKSA caching
     (disabled by default for backwards compatibility; can be enabled with
     ft_eap_pmksa_caching=1)
   * fixed a regression in OpenSSL 1.1+ engine loading
   * added validation of RSNE in (Re)Association Response frames
   * fixed DPP bootstrapping URI parser of channel list
   * extended EAP-SIM/AKA fast re-authentication to allow use with FILS
   * extended ca_cert_blob to support PEM format
   * improved robustness of P2P Action frame scheduling
   * added support for EAP-SIM/AKA using [email protected] identity
   * fixed Hotspot 2.0 credential selection based on roaming consortium to
     ignore credentials without a specific EAP method
   * added experimental support for EAP-TEAP peer (RFC 7170)
   * added experimental support for EAP-TLS peer with TLS v1.3
   * fixed a regression in WMM parameter configuration for a TDLS peer
   * fixed a regression in operation with drivers that offload 802.1X 4-way
     handshake
   * fixed an ECDH operation corner case with OpenSSL
   * SAE changes
     - added support for SAE Password Identifier
     - changed default configuration to enable only groups 19, 20, 21 (i.e.,
       disable groups 25 and 26) and disable all unsuitable groups completely
       based on REVmd changes
     - do not regenerate PWE unnecessarily when the AP uses the anti-clogging
       token mechanisms
     - fixed some association cases where both SAE and FT-SAE were enabled
       on both the station and the selected AP
     - started to prefer FT-SAE over SAE AKM if both are enabled
     - started to prefer FT-SAE over FT-PSK if both are enabled
     - fixed FT-SAE when SAE PMKSA caching is used
     - reject use of unsuitable groups based on new implementation guidance
       in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups
       with prime >= 256)
     - minimize timing and memory use differences in PWE derivation
       [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
   * EAP-pwd changes
     - minimize timing and memory use differences in PWE derivation
       [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
     - verify server scalar/element [https://w1.fi/security/2019-4/]
       (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874,
       bsc#1131872, bsc#1131871, bsc#1131644)
     - fix message reassembly issue with unexpected fragment
       [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
     - enforce rand,mask generation rules more strictly
     - fix a memory leak in PWE derivation
     - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)
     - SAE/EAP-pwd side-channel attack update
       [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
   * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
   * Hotspot 2.0 changes
     - do not indicate release number that is higher than the one AP supports
     - added support for release number 3
     - enable PMF automatically for network profiles created from credentials
   * fixed OWE network profile saving
   * fixed DPP network profile saving
   * added support for RSN operating channel validation (CONFIG_OCV=y and
     network profile parameter ocv=1)
   * added Multi-AP backhaul STA support
   * fixed build with LibreSSL
   * number of MKA/MACsec fixes and extensions
   * extended domain_match and domain_suffix_match to allow list of values
   * fixed dNSName matching in domain_match and domain_suffix_match when
     using wolfSSL
   * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are
     enabled
   * extended nl80211 Connect and external authentication to support SAE,
     FT-SAE, FT-EAP-SHA384
   * fixed KEK2 derivation for FILS+FT
   * extended client_cert file to allow loading of a chain of PEM encoded
     certificates
   * extended beacon reporting functionality
   * extended D-Bus interface with number of new properties
   * fixed a regression in FT-over-DS with mac80211-based drivers
   * OpenSSL: allow systemwide policies to be overridden
   * extended driver flags indication for separate 802.1X and PSK 4-way
     handshake offload capability
   * added support for random P2P Device/Interface Address use
   * extended PEAP to derive EMSK to enable use with ERP/FILS
   * extended WPS to allow SAE configuration to be added automatically for
     PSK (wps_cred_add_sae=1)
   * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
   * extended domain_match and domain_suffix_match to allow list of values
   * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP
     KeyID using incorrect byte order
   * fixed PTK rekeying with FILS and FT
   * fixed WPA packet number reuse with replayed messages and key
     reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077,
     CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
     CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
   * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
     [https://w1.fi/security/2018-1/] (CVE-2018-14526)
   * added support for FILS (IEEE 802.11ai) shared key authentication
   * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and
     transition mode defined by WFA)
   * added support for DPP (Wi-Fi Device Provisioning Protocol)
   * added support for RSA 3k key case with Suite B 192-bit level
   * fixed Suite B PMKSA caching not to update PMKID during each 4-way
     handshake
   * fixed EAP-pwd pre-processing with PasswordHashHash
   * added EAP-pwd client support for salted passwords
   * fixed a regression in TDLS prohibited bit validation
   * started to use estimated throughput to avoid undesired signal strength
     based roaming decision
   * MACsec/MKA:
     - new macsec_linux driver interface support for the Linux kernel macsec
       module
     - number of fixes and extensions
   * added support for external persistent storage of PMKSA cache
     (PMKSA_GET/PMKSA_ADD control interface commands; and
     MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
   * fixed mesh channel configuration pri/sec switch case
   * added support for beacon report
   * large number of other fixes, cleanup, and extensions
   * added support for randomizing local address for GAS queries
     (gas_rand_mac_addr parameter)
   * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
   * added option for using random WPS UUID (auto_uuid=1)
   * added SHA256-hash support for OCSP certificate matching
   * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
   * fixed a regression in RSN pre-authentication candidate selection
   * added option to configure allowed group management cipher suites
     (group_mgmt network profile parameter)
   * removed all PeerKey functionality
   * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15
     and newer
   * added ap_isolate configuration option for AP mode
   * added support for nl80211 to offload 4-way handshake into the driver
   * added support for using wolfSSL cryptographic library
   * SAE
     - added support for configuring SAE password separately of the WPA2
       PSK/passphrase
     - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for
       SAE; note: this is not backwards compatible, i.e., both the AP and
       station side implementations will need to be update at the same time
       to maintain interoperability
     - added support for Password Identifier
     - fixed FT-SAE PMKID matching
   * Hotspot 2.0
     - added support for fetching of Operator Icon Metadata ANQP-element
     - added support for Roaming Consortium Selection element
     - added support for Terms and Conditions
     - added support for OSEN connection in a shared RSN BSS
     - added support for fetching Venue URL information
   * added support for using OpenSSL 1.1.1
   * FT
     - disabled PMKSA caching with FT since it is not fully functional
     - added support for SHA384 based AKM
     - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256
       in addition to previously supported BIP-CMAC-128
     - fixed additional IE inclusion in Reassociation Request frame when
       using FT protocol

   - CVE-2015-8041: Using O_WRONLY flag [https://w1.fi/security/2015-5/]


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1853=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1853=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1853=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1853=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1853=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1853=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1853=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1853=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1853=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1853=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2022-1853=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE OpenStack Cloud 9 (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE OpenStack Cloud 8 (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1

   - HPE Helion Openstack 8 (x86_64):

      wpa_supplicant-2.9-15.22.1
      wpa_supplicant-debuginfo-2.9-15.22.1
      wpa_supplicant-debugsource-2.9-15.22.1


References:

   https://www.suse.com/security/cve/CVE-2015-8041.html
   https://www.suse.com/security/cve/CVE-2017-13077.html
   https://www.suse.com/security/cve/CVE-2017-13078.html
   https://www.suse.com/security/cve/CVE-2017-13079.html
   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-13081.html
   https://www.suse.com/security/cve/CVE-2017-13082.html
   https://www.suse.com/security/cve/CVE-2017-13086.html
   https://www.suse.com/security/cve/CVE-2017-13087.html
   https://www.suse.com/security/cve/CVE-2017-13088.html
   https://www.suse.com/security/cve/CVE-2018-14526.html
   https://www.suse.com/security/cve/CVE-2019-11555.html
   https://www.suse.com/security/cve/CVE-2019-13377.html
   https://www.suse.com/security/cve/CVE-2019-9494.html
   https://www.suse.com/security/cve/CVE-2019-9495.html
   https://www.suse.com/security/cve/CVE-2019-9497.html
   https://www.suse.com/security/cve/CVE-2019-9498.html
   https://www.suse.com/security/cve/CVE-2019-9499.html
   https://www.suse.com/security/cve/CVE-2022-23303.html
   https://www.suse.com/security/cve/CVE-2022-23304.html
   https://bugzilla.suse.com/1131644
   https://bugzilla.suse.com/1131868
   https://bugzilla.suse.com/1131870
   https://bugzilla.suse.com/1131871
   https://bugzilla.suse.com/1131872
   https://bugzilla.suse.com/1131874
   https://bugzilla.suse.com/1133640
   https://bugzilla.suse.com/1144443
   https://bugzilla.suse.com/1156920
   https://bugzilla.suse.com/1165266
   https://bugzilla.suse.com/1166933
   https://bugzilla.suse.com/1167331
   https://bugzilla.suse.com/1182805
   https://bugzilla.suse.com/1194732
   https://bugzilla.suse.com/1194733