Summary: | <net-wireless/hostapd-2.10, <net-wireless/wpa_supplicant-2.10: SAE/EAP-pwd side-channel attack | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sam, zerochaos |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2022/01/16/2 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 833576, 834461 | ||
Bug Blocks: |
Description
Sam James
![]() ![]() ![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=744939bdfc1a0a6296c709d4382d3676abdb2b66 commit 744939bdfc1a0a6296c709d4382d3676abdb2b66 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-17 02:14:09 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-17 02:20:13 +0000 net-wireless/wpa_supplicant: add 2.10 (security bump) Bug: https://bugs.gentoo.org/831332 Closes: https://bugs.gentoo.org/829180 Signed-off-by: Sam James <sam@gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 + .../wpa_supplicant/wpa_supplicant-2.10.ebuild | 478 +++++++++++++++++++++ .../wpa_supplicant/wpa_supplicant-9999.ebuild | 10 +- 3 files changed, 482 insertions(+), 7 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=897e3fc7404602f02dd84b9258b6812a0167e99e commit 897e3fc7404602f02dd84b9258b6812a0167e99e Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-17 02:12:31 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-17 02:20:12 +0000 net-wireless/hostapd: add 2.10 (security bump) Bug: https://bugs.gentoo.org/816957 Bug: https://bugs.gentoo.org/831332 Signed-off-by: Sam James <sam@gentoo.org> net-wireless/hostapd/Manifest | 1 + net-wireless/hostapd/hostapd-2.10.ebuild | 262 +++++++++++++++++++++++++++++++ net-wireless/hostapd/hostapd-9999.ebuild | 17 +- 3 files changed, 270 insertions(+), 10 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=093594dc110993c6f0b2cefe5935d56977e4ee37 commit 093594dc110993c6f0b2cefe5935d56977e4ee37 Author: Rick Farina <zerochaos@gentoo.org> AuthorDate: 2022-03-17 02:01:30 +0000 Commit: Rick Farina <zerochaos@gentoo.org> CommitDate: 2022-03-17 02:15:46 +0000 net-wireless/wpa_supplicant: drop 2.9-r4, 2.9-r5, 2.9-r8 Signed-off-by: Rick Farina <zerochaos@gentoo.org> Bug: https://bugs.gentoo.org/831332 net-wireless/wpa_supplicant/Manifest | 1 - .../wpa_supplicant/wpa_supplicant-2.9-r4.ebuild | 465 ------------------- .../wpa_supplicant/wpa_supplicant-2.9-r5.ebuild | 471 -------------------- .../wpa_supplicant/wpa_supplicant-2.9-r8.ebuild | 490 --------------------- 4 files changed, 1427 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6576b2463f3f2fbe8e4c6e3315337a9f8f22ae0 commit d6576b2463f3f2fbe8e4c6e3315337a9f8f22ae0 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-10 04:32:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-10 04:35:09 +0000 net-wireless/hostapd: drop 2.9-r6 Bug: https://bugs.gentoo.org/831332 Signed-off-by: Sam James <sam@gentoo.org> net-wireless/hostapd/Manifest | 1 - ...-not-allow-event-subscriptions-with-URLs-.patch | 150 ----------- ...x-event-message-generation-using-a-long-U.patch | 59 ----- ...ndle-HTTP-initiation-failures-for-events-.patch | 47 ---- ...y-ignore-management-frame-from-unexpected.patch | 73 ------ ...date-DigestAlgorithmIdentifier-parameters.patch | 115 --------- net-wireless/hostapd/hostapd-2.9-r6.ebuild | 275 --------------------- 7 files changed, 720 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=0195ea9f2ff90e0c5b9aab4eb5154bdb3fdb3ed7 commit 0195ea9f2ff90e0c5b9aab4eb5154bdb3fdb3ed7 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-30 08:38:51 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-09-30 08:39:50 +0000 [ GLSA 202309-16 ] wpa_supplicant, hostapd: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/768759 Bug: https://bugs.gentoo.org/780135 Bug: https://bugs.gentoo.org/780138 Bug: https://bugs.gentoo.org/831332 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202309-16.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) |