diff options
| author |   Mark Hatle <mark.hatle@windriver.com> | 2017-10-16 12:43:36 -0400 |
|---|---|---|
| committer |   Martin Jansa <Martin.Jansa@gmail.com> | 2017-10-16 20:42:22 +0000 |
| commit | ed6b5da8740034faf599010c12e3dc77e5490cd4 (patch) | |
| tree | 07bd8900f48a7f427e5b4cef5bbae3c66260a0c4 /meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb | |
| parent | 841aadaa33a16eaa441d80c5332c06f4e830a9f4 (diff) | |
| download | meta-openembedded-contrib-ed6b5da8740034faf599010c12e3dc77e5490cd4.tar.gz | |
hostapd: fix WPA2 key replay security bug
Note, hostapd and wpa_supplicant use the same sources. This commit is based
on Ross Burton's change to OpenEmbedded-core. Below is Ross's commit message
from OpenEmbedded-Core.
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
Signed-off-by: Ross Burton <ross.burton@intel.com>
The hunk:
[PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request
does not apply to hostapd and was removed from the patch.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb')
| -rw-r--r-- | meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb index 3b74f482a3..c3a1eadfd8 100644 --- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb +++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb @@ -16,6 +16,7 @@ SRC_URI = " \ file://defconfig \ file://init \ file://hostapd.service \ + file://key-replay-cve-multiple.patch \ " S = "${WORKDIR}/hostapd-${PV}" |