See https://www.openwall.com/lists/oss-security/2022/01/16/2.

```
Published: January 16, 2022
Latest version available from: https://w1.fi/security/2022-1/

This is an update on earlier security advisories 2019-1 and 2019-2.
Please see those advisories for more details in the issues.
https://w1.fi/security/2019-1/
https://w1.fi/security/2019-2/

Vulnerability

hostapd and wpa_supplicant security advisories 2019-1 and 2019-2
addressed side-channel attacks related to SAE and EAP-pwd. The
improvements identified in those advisories made it more difficult to
observe external differences in timing or memory access to mitigate
against this type of attacks. However, the identified changes did not
remove all differences. The external crypto library functions used to
implement crypto_ec_point_solve_y_coord() might not use a constant time
design and as such, might enable some side-channel attacks.

In particular, a potential new cache-based attack has been described
that could allow an attacker that is able to run unprivileged code on
the same processor might be able to gain enough information from the
SAE/EAP-pwd operations to be able to perform an offline dictionary
attack that could work against sufficiently weak passwords.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and in the runtime configuration).

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).

Acknowledgments

Thanks to Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque
(all affiliated to the University of Rennes 1, IRISA, France) for
discovering and reporting the issue.

Possible mitigation steps

- Update to wpa_supplicant/hostapd v2.10 or newer

- Merge the following commits to wpa_supplicant/hostapd v2.9 and rebuild:

  crypto: Add more bignum/EC helper functions
  dragonfly: Add sqrt() helper function
  SAE: Derive the y coordinate for PWE with own implementation
  EAP-pwd: Derive the y coordinate for PWE with own implementation

  These patches are available from https://w1.fi/security/2022-1/
```
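A triage check built from the advisory's "Vulnerable versions/configurations" and mitigation sections, added here as an example; it is not part of the bug report or of upstream hostapd/wpa_supplicant. The function names, result labels and sample inputs are hypothetical, and it assumes the `vX.Y` banner printed by `-v` and the `key_mgmt`/`wpa_key_mgmt`/`eap` runtime keys.

```python
import re

FIXED = (2, 10)  # first release carrying the fix, per the advisory
BUILD_OPTS = {"SAE": "CONFIG_SAE", "EAP-pwd": "CONFIG_EAP_PWD"}

def parse_version(banner):
    """Extract (major, minor) from a banner such as 'wpa_supplicant v2.9'."""
    m = re.search(r"\bv(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no version in banner: %r" % banner)
    return int(m.group(1)), int(m.group(2))

def active_lines(text):
    """Return stripped config lines, skipping blanks and '#' comment lines."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def built_with(build_cfg, option):
    """True if the build .config has an uncommented '<option>=y' line."""
    return any(l.replace(" ", "") == option + "=y" for l in active_lines(build_cfg))

def runtime_uses(runtime_cfg):
    """Affected features enabled in wpa_supplicant.conf or hostapd.conf.
    hostapd's EAP server user database is not inspected here."""
    used = set()
    for line in active_lines(runtime_cfg):
        key, _, val = line.partition("=")
        toks = val.upper().split()
        if key.strip() in ("key_mgmt", "wpa_key_mgmt") and {"SAE", "FT-SAE"} & set(toks):
            used.add("SAE")
        if key.strip() == "eap" and "PWD" in toks:
            used.add("EAP-pwd")
    return used

def assess(banner, build_cfg, runtime_cfg):
    """Return (status, features). A pre-2.10 build may still carry the four
    backported commits, so it is flagged for manual verification, not as vulnerable."""
    exposed = sorted(f for f in runtime_uses(runtime_cfg)
                     if built_with(build_cfg, BUILD_OPTS[f]))
    if not exposed:
        return "not-affected", []
    if parse_version(banner) >= FIXED:
        return "fixed", exposed
    return "needs-backport-check", exposed

# Constructed sample inputs (not taken from any real host).
SAMPLE_BUILD = "CONFIG_SAE=y\n#CONFIG_EAP_PWD=y\n"
SAMPLE_RUNTIME = 'network={\n    ssid="example"\n    key_mgmt=SAE\n}\n'

if __name__ == "__main__":
    print(assess("wpa_supplicant v2.9", SAMPLE_BUILD, SAMPLE_RUNTIME))
```

On Gentoo, a `needs-backport-check` result for a 2.9 revision means confirming that the ebuild applies the four commits the advisory lists.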
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=744939bdfc1a0a6296c709d4382d3676abdb2b66

commit 744939bdfc1a0a6296c709d4382d3676abdb2b66
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-01-17 02:14:09 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-01-17 02:20:13 +0000

    net-wireless/wpa_supplicant: add 2.10 (security bump)

    Bug: https://bugs.gentoo.org/831332
    Closes: https://bugs.gentoo.org/829180
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/wpa_supplicant/Manifest | 1 +
 .../wpa_supplicant/wpa_supplicant-2.10.ebuild | 478 +++++++++++++++++++++
 .../wpa_supplicant/wpa_supplicant-9999.ebuild | 10 +-
 3 files changed, 482 insertions(+), 7 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=897e3fc7404602f02dd84b9258b6812a0167e99e

commit 897e3fc7404602f02dd84b9258b6812a0167e99e
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-01-17 02:12:31 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-01-17 02:20:12 +0000

    net-wireless/hostapd: add 2.10 (security bump)

    Bug: https://bugs.gentoo.org/816957
    Bug: https://bugs.gentoo.org/831332
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/hostapd/Manifest | 1 +
 net-wireless/hostapd/hostapd-2.10.ebuild | 262 +++++++++++++++++++++++++++++++
 net-wireless/hostapd/hostapd-9999.ebuild | 17 +-
 3 files changed, 270 insertions(+), 10 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=093594dc110993c6f0b2cefe5935d56977e4ee37

commit 093594dc110993c6f0b2cefe5935d56977e4ee37
Author: Rick Farina <zerochaos@gentoo.org>
AuthorDate: 2022-03-17 02:01:30 +0000
Commit: Rick Farina <zerochaos@gentoo.org>
CommitDate: 2022-03-17 02:15:46 +0000

    net-wireless/wpa_supplicant: drop 2.9-r4, 2.9-r5, 2.9-r8

    Signed-off-by: Rick Farina <zerochaos@gentoo.org>
    Bug: https://bugs.gentoo.org/831332

 net-wireless/wpa_supplicant/Manifest | 1 -
 .../wpa_supplicant/wpa_supplicant-2.9-r4.ebuild | 465 -------------------
 .../wpa_supplicant/wpa_supplicant-2.9-r5.ebuild | 471 --------------------
 .../wpa_supplicant/wpa_supplicant-2.9-r8.ebuild | 490 ---------------------
 4 files changed, 1427 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6576b2463f3f2fbe8e4c6e3315337a9f8f22ae0

commit d6576b2463f3f2fbe8e4c6e3315337a9f8f22ae0
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-10 04:32:49 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-10 04:35:09 +0000

    net-wireless/hostapd: drop 2.9-r6

    Bug: https://bugs.gentoo.org/831332
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/hostapd/Manifest | 1 -
 ...-not-allow-event-subscriptions-with-URLs-.patch | 150 -----------
 ...x-event-message-generation-using-a-long-U.patch | 59 -----
 ...ndle-HTTP-initiation-failures-for-events-.patch | 47 ----
 ...y-ignore-management-frame-from-unexpected.patch | 73 ------
 ...date-DigestAlgorithmIdentifier-parameters.patch | 115 ---------
 net-wireless/hostapd/hostapd-2.9-r6.ebuild | 275 ---------------------
 7 files changed, 720 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0195ea9f2ff90e0c5b9aab4eb5154bdb3fdb3ed7

commit 0195ea9f2ff90e0c5b9aab4eb5154bdb3fdb3ed7
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 08:38:51 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 08:39:50 +0000

    [ GLSA 202309-16 ] wpa_supplicant, hostapd: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/768759
    Bug: https://bugs.gentoo.org/780135
    Bug: https://bugs.gentoo.org/780138
    Bug: https://bugs.gentoo.org/831332
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-16.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)