Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 634436 - <net-wireless/wpa_supplicant-2.6-r3: WPA packet number reuse with replayed messages and key reinstallation
Summary: <net-wireless/wpa_supplicant-2.6-r3: WPA packet number reuse with replayed me...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
: 619058 634418 (view as bug list)
Depends on:
Blocks: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
  Show dependency tree
Reported: 2017-10-16 13:34 UTC by GLSAMaker/CVETool Bot
Modified: 2017-11-10 22:40 UTC (History)
13 users (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-16 13:34:25 UTC
Incoming details
Comment 1 Richard Yao (RETIRED) gentoo-dev 2017-10-16 13:37:38 UTC
Details here:

Both hostapd and wpa_supplicant are affected. Upstream has published patches:
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-16 13:53:17 UTC
See tracker bug 634440 for more details.
Comment 3 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-16 13:53:45 UTC
The patches for this seem to break 802.11r/FT for me.  As no one has ever asked for that feature, nor reported a bug on it, I think that's okay.  I added it for me, and I'm breaking it for me.  I'll cry alone.

Ebuild is in the tree, intentionally holding for a test period before stabilizing.
Comment 4 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-16 14:23:42 UTC
cc: arches which I didn't stable
Comment 5 Arfrever Frehtes Taifersar Arahesis 2017-10-17 00:48:27 UTC
*** Bug 634418 has been marked as a duplicate of this bug. ***
Comment 6 charles17 2017-10-20 07:18:07 UTC
*** Bug 619058 has been marked as a duplicate of this bug. ***
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-21 10:48:09 UTC
ppc/ppc64 stable
Comment 8 Markus Meier gentoo-dev 2017-10-24 17:38:34 UTC
arm stable, all arches done.
Comment 9 Aleksandr Wagner (Kivak) 2017-10-24 19:07:36 UTC
Thank you arches.

@ Maintainer(s): Please remove the vulnerable version from tree.
Comment 10 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-26 20:54:49 UTC
Vulnerable removed, thanks
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-26 20:58:35 UTC
GLSA Vote: Yes!

New GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2017-11-10 22:40:32 UTC
This issue was resolved and addressed in
 GLSA 201711-03 at
by GLSA coordinator Aaron Bauman (b-man).