——————————————————————————–
Fedora Update Notification
FEDORA-2017-12e76e8364
2017-10-16 20:56:19.674701
——————————————————————————–
Name : wpa_supplicant
Product : Fedora 25
Version : 2.6
Release : 3.fc25.1
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.
——————————————————————————–
Update Information:
Fix the for the Key Reinstallation Attacks
========================================== – hostapd: Avoid key reinstallation
in FT handshake (CVE-2017-13082) – Fix PTK rekeying to generate a new ANonce –
Prevent reinstallation of an already in-use group key and extend protection of
GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,
CVE-2017-13088) – Prevent installation of an all-zero TK – TDLS: Reject TPK-TK
reconfiguration – WNM: Ignore WNM-Sleep Mode Response without pending request –
FT: Do not allow multiple Reassociation Response frames Upstream advisory:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Details and the paper: https://www.krackattacks.com/
——————————————————————————–
References:
[ 1 ] Bug #1500304 – CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://bugzilla.redhat.com/show_bug.cgi?id=1500304
[ 2 ] Bug #1500303 – CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://bugzilla.redhat.com/show_bug.cgi?id=1500303
[ 3 ] Bug #1491698 – CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it
https://bugzilla.redhat.com/show_bug.cgi?id=1491698
[ 4 ] Bug #1491697 – CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491697
[ 5 ] Bug #1491696 – CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491696
[ 6 ] Bug #1491694 – CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491694
[ 7 ] Bug #1491693 – CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491693
[ 8 ] Bug #1491692 – CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491692
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade wpa_supplicant’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2017-60bfb576b7
2017-10-16 15:51:47.723173
——————————————————————————–
Name : wpa_supplicant
Product : Fedora 26
Version : 2.6
Release : 11.fc26
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.
——————————————————————————–
Update Information:
Fix the for the Key Reinstallation Attacks
========================================== – hostapd: Avoid key reinstallation
in FT handshake (CVE-2017-13082) – Fix PTK rekeying to generate a new ANonce –
Prevent reinstallation of an already in-use group key and extend protection of
GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,
CVE-2017-13088) – Prevent installation of an all-zero TK – TDLS: Reject TPK-TK
reconfiguration – WNM: Ignore WNM-Sleep Mode Response without pending request –
FT: Do not allow multiple Reassociation Response frames Upstream advisory:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Details and the paper: https://www.krackattacks.com/
——————————————————————————–
References:
[ 1 ] Bug #1500304 – CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://bugzilla.redhat.com/show_bug.cgi?id=1500304
[ 2 ] Bug #1500303 – CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://bugzilla.redhat.com/show_bug.cgi?id=1500303
[ 3 ] Bug #1491698 – CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it
https://bugzilla.redhat.com/show_bug.cgi?id=1491698
[ 4 ] Bug #1491697 – CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491697
[ 5 ] Bug #1491696 – CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491696
[ 6 ] Bug #1491694 – CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491694
[ 7 ] Bug #1491693 – CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491693
[ 8 ] Bug #1491692 – CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1491692
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade wpa_supplicant’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org