Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 634438 - <net-wireless/hostapd-2.6-r1: WPA packet number reuse with replayed messages and key reinstallation
Summary: <net-wireless/hostapd-2.6-r1: WPA packet number reuse with replayed messages ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://w1.fi/security/2017-1/wpa-pac...
Whiteboard: B4 [glsa]
Keywords:
Depends on:
Blocks: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
  Show dependency tree
 
Reported: 2017-10-16 13:35 UTC by GLSAMaker/CVETool Bot
Modified: 2017-11-10 22:40 UTC (History)
5 users (show)

See Also:
Package list:
=net-wireless/hostapd-2.6-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-16 13:35:46 UTC
Incoming details
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-16 13:54:10 UTC
See tracker bug 634440 for more details.
Comment 2 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-16 14:20:27 UTC
stable on amd64/x86

ppc, please remove the old ebuild when you stable.

thanks!
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2017-10-16 16:44:57 UTC
should this be closed in favor of bug 634436
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-16 17:58:38 UTC
*** Bug 634418 has been marked as a duplicate of this bug. ***
Comment 5 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-18 00:20:13 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #3)
> should this be closed in favor of bug 634436

hostapd != wpa_supplicant

yes they share a code base, but they are fully independent in gentoo and all other distros that I know.  They even have different keywords so it makes no sense to track them together imho.
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-21 10:47:55 UTC
ppc stable
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2017-10-22 00:20:10 UTC
@maintainers, please clean the vulnerable versions.
Comment 8 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-23 02:17:09 UTC
thanks
Comment 9 Rick Farina (Zero_Chaos) gentoo-dev 2017-10-23 02:17:46 UTC
whoops, sorry, I should read the note before hitting save
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-26 20:59:17 UTC
Added to an existing GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2017-11-10 22:40:41 UTC
This issue was resolved and addressed in
 GLSA 201711-03 at https://security.gentoo.org/glsa/201711-03
by GLSA coordinator Aaron Bauman (b-man).