| Summary: | <net-wireless/wpa_supplicant-2.6-r3: WPA packet number reuse with replayed messages and key reinstallation | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | ago, alexander, arthur, bertrand, charles17, gentoo, gurligebis, luke, monsieurp, redneb, ryao, speedjack95, zerochaos |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt | ||
| Whiteboard: | B4 [glsa] | ||
| Package list: |
=net-wireless/wpa_supplicant-2.6-r3
|
Runtime testing required: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 634440 | ||
|
Description
GLSAMaker/CVETool Bot
2017-10-16 13:34:25 UTC
Details here: https://www.krackattacks.com/ Both hostapd and wpa_supplicant are affected. Upstream has published patches: https://w1.fi/security/2017-1/ See tracker bug 634440 for more details. The patches for this seem to break 802.11r/FT for me. As no one has ever asked for that feature, nor reported a bug on it, I think that's okay. I added it for me, and I'm breaking it for me. I'll cry alone. Ebuild is in the tree, intentionally holding for a test period before stabilizing. cc: arches which I didn't stable *** Bug 634418 has been marked as a duplicate of this bug. *** *** Bug 619058 has been marked as a duplicate of this bug. *** ppc/ppc64 stable arm stable, all arches done. Thank you arches. @ Maintainer(s): Please remove the vulnerable version from tree. Vulnerable removed, thanks GLSA Vote: Yes! New GLSA request filed. This issue was resolved and addressed in GLSA 201711-03 at https://security.gentoo.org/glsa/201711-03 by GLSA coordinator Aaron Bauman (b-man). |