Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 663172 (CVE-2018-14526)

Summary: <net-wireless/wpa_supplicant-2.6-r10: Unauthenticated EAPOL-Key decryption in wpa_supplicant
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gentoo, zerochaos
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa cve]
Package list:
=net-wireless/wpa_supplicant-2.6-r10
Runtime testing required: Yes

Comment 1 Rick Farina (Zero_Chaos) gentoo-dev 2018-12-05 20:49:05 UTC
wpa_supplicant-2.6-r10 is in the tree with a fix.  I'd also like it stabilized anyway, so I've opened a bug

https://bugs.gentoo.org/672584
Comment 2 Thomas Deutschmann gentoo-dev 2018-12-07 02:43:45 UTC
x86 stable
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-12-07 12:31:22 UTC
amd64 stable
Comment 4 Matt Turner gentoo-dev 2018-12-07 23:20:37 UTC
ppc/ppc64 stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-12-08 12:11:19 UTC
arm stable
Comment 6 cono 2018-12-09 22:38:22 UTC
I'm having issues with this wpa_supplicant version. No errors in the log, just ping of the gateway stuck for a moment, than recovers by itself, than stuck again (not only ping, like whole connection, just tested by the ping).
Reverting back to 2.6-r6 resolves the problem.

My WIFI: Killer AC-1535

03:00.0 Network controller [0280]: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter [168c:003e] (rev 32)
	Subsystem: Bigfoot Networks, Inc. QCA6174 802.11ac Wireless Network Adapter [1a56:1535]
	Kernel driver in use: ath10k_pci
	Kernel modules: ath10k_pci

Not sure what else I can provide, please suggest.
Comment 7 Thomas Deutschmann gentoo-dev 2018-12-09 23:36:07 UTC
Please file an own bug for your issue.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 02:52:23 UTC
GLSA Vote: No
Arches and Maintainer(s), Thank you for your work.

Maintainer(s), please drop the vulnerable version(s).