* "Such issues could allow a device connected to the local network (i.e., a device that has been authorized to transmit packets in the network in which the AP is located) could trigger the AP to initiate a HTTP (TCP/IP) connection to an arbitrary URL"
* "[Other] issues could allow local devices (i.e., devices that have been authorized to transmit packets in the network in which the AP is located) to trigger misbehavior in hostapd and cause the process to either get terminated or to start using more CPU resources by using a specially constructed SUBSCRIBE command."

Patches:
* https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
* https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
* https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
@maintainer(s), please apply these patches.
ping
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8c17aa77fa1271caf2d881c92e36cc121578b94

commit b8c17aa77fa1271caf2d881c92e36cc121578b94
Author: Alarig Le Lay <alarig@swordarmor.fr>
AuthorDate: 2020-09-12 11:38:05 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-09-27 16:56:39 +0000

    net-wireless/hostapd: fix CVE-2020-12695

    Bug: https://bugs.gentoo.org/727542
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
    Closes: https://github.com/gentoo/gentoo/pull/15990
    Signed-off-by: Sam James <sam@gentoo.org>

 ...-not-allow-event-subscriptions-with-URLs-.patch | 150 +++++++++++
 ...x-event-message-generation-using-a-long-U.patch | 59 +++++
 ...ndle-HTTP-initiation-failures-for-events-.patch | 47 ++++
 net-wireless/hostapd/hostapd-2.9-r1.ebuild | 2 +-
 net-wireless/hostapd/hostapd-2.9-r3.ebuild | 279 +++++++++++++++++++++
 5 files changed, 536 insertions(+), 1 deletion(-)
ppc done
arm64 done
arm done
amd64 done
x86 stable. Maintainer(s), please cleanup. Security, please vote.
A note on this revision: There is a conflict with `bindist` USE flag set as this revision reintroduces linking to ECDH functions that the `internal-tls` USE flag should prevent. I have traced this issue back to the unconditional addition of the `Device Provisioning Protocol` (CONFIG_DPP) which I think should be moved to the SSL authentication methods block in the ebuild.
Addendum: It seems I had some residual changes hanging around. Above note in fact applies to ALL the added protocols:
* Dragonfly (CONFIG_SAE)
* Opportunistic Wireless Encryption (CONFIG_OWE)
* Device Provisioning Protocol (CONFIG_DPP)

Please make these depend on `internal-tls` NOT being set.
I moved them into the internal-tls conditional block; see the MR for the diff.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4831a30d002e33c50e18114f257d1c228c922c8

commit f4831a30d002e33c50e18114f257d1c228c922c8
Author: Alarig Le Lay <alarig@swordarmor.fr>
AuthorDate: 2020-10-15 21:06:43 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-01-10 14:42:32 +0000

    net-wireless/hostapd: Make bindist protocols depending on internal-tls

    * Dragonfly (CONFIG_SAE)
    * Opportunistic Wireless Encryption (CONFIG_OWE)
    * Device Provisioning Protocol (CONFIG_DPP)

    Bug: https://bugs.gentoo.org/727542
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
    Closes: https://github.com/gentoo/gentoo/pull/17864
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/hostapd/hostapd-2.9-r3.ebuild | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
Unable to check for sanity:

> no match for package: net-wireless/hostapd-2.9-r3
No GLSA like the other CallStranger bugs, all done!