Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 780135 (CVE-2021-30004) - <net-wireless/hostapd-2.9-r4: mishandled AlgorithmIdentifier parameters may lead to forging attacks (CVE-2021-30004)
Summary: <net-wireless/hostapd-2.9-r4: mishandled AlgorithmIdentifier parameters may l...
Status: IN_PROGRESS
Alias: CVE-2021-30004
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://w1.fi/cgit/hostap/commit/?id=...
Whiteboard: B3 [glsa? cve]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2021-04-05 01:01 UTC by John Helmert III
Modified: 2021-08-16 16:17 UTC (History)
2 users (show)

See Also:
Package list:
net-wireless/hostapd-2.9-r6
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-04-05 01:01:58 UTC
CVE-2021-30004:

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.


Patch at URL but seems there's no tag containing it.
Comment 1 Thomas Deutschmann gentoo-dev Security 2021-05-31 20:55:20 UTC
Only affects USE=internal-tls which isn't the default.

We are waiting for revision/tagged release with https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15.
Comment 2 Larry the Git Cow gentoo-dev 2021-06-02 12:59:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56ce8ace503d45e60b72a79222bb6aada4c76124

commit 56ce8ace503d45e60b72a79222bb6aada4c76124
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-06-02 12:41:04 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-06-02 12:59:30 +0000

    net-wireless/hostapd: fix CVE-2021-30004
    
    Bug: https://bugs.gentoo.org/780135
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 ...date-DigestAlgorithmIdentifier-parameters.patch | 115 +++++++++
 net-wireless/hostapd/hostapd-2.9-r4.ebuild         | 275 +++++++++++++++++++++
 net-wireless/hostapd/hostapd-9999.ebuild           |   2 +
 3 files changed, 392 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2021-06-17 20:18:38 UTC
amd64 done
Comment 4 Sam James archtester gentoo-dev Security 2021-06-17 20:20:01 UTC
x86 done
Comment 5 NATTkA bot gentoo-dev 2021-06-17 22:20:32 UTC Comment hidden (obsolete)
Comment 6 Agostino Sarubbo gentoo-dev 2021-06-18 06:28:05 UTC
ppc stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2021-06-19 18:51:17 UTC
Commit did not drop keywords down to ~arch:

commit 52123dae78919046f09b506709280128faad0a96
Author: Thomas Deutschmann <whissi@gentoo.org>
Date:   Fri Jun 18 00:06:19 2021 +0200

    net-wireless/hostapd: rev bump for commit 6915847f2

    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

diff --git a/net-wireless/hostapd/hostapd-2.9-r3.ebuild b/net-wireless/hostapd/hostapd-2.9-r5.ebuild
similarity index 100%
rename from net-wireless/hostapd/hostapd-2.9-r3.ebuild
rename to net-wireless/hostapd/hostapd-2.9-r5.ebuild
diff --git a/net-wireless/hostapd/hostapd-2.9-r4.ebuild b/net-wireless/hostapd/hostapd-2.9-r6.ebuild
similarity index 100%
rename from net-wireless/hostapd/hostapd-2.9-r4.ebuild
rename to net-wireless/hostapd/hostapd-2.9-r6.ebuild
Comment 8 Sam James archtester gentoo-dev Security 2021-06-19 22:01:02 UTC
Oh, I see, I "fixed" the package list incorrectly. Needed to add 2 to the revision.
Comment 9 Agostino Sarubbo gentoo-dev 2021-06-21 06:18:38 UTC
ppc stable
Comment 10 Sam James archtester gentoo-dev Security 2021-06-21 07:18:59 UTC
arm done
Comment 11 Sam James archtester gentoo-dev Security 2021-06-21 19:04:08 UTC
arm64 done

all arches done
Comment 12 John Helmert III gentoo-dev Security 2021-06-21 19:12:32 UTC
Please cleanup.
Comment 13 Larry the Git Cow gentoo-dev 2021-08-16 16:17:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8781a5c3a43ae5282b6fc64793d6150366c6193

commit f8781a5c3a43ae5282b6fc64793d6150366c6193
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2021-08-16 14:51:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-08-16 16:17:35 +0000

    net-wireless/hostapd: Remove vulnerable 2.9-r5
    
    Bug: https://bugs.gentoo.org/780135
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/hostapd/hostapd-2.9-r5.ebuild | 270 -----------------------------
 1 file changed, 270 deletions(-)