diff options
author | Ross Burton <ross.burton@intel.com> | 2017-10-17 12:17:29 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-03 12:28:27 +0000 |
commit | 3f55846839530468f35f7940156713c6d0085495 (patch) | |
tree | f6ce3479480e0d739ad9b55d1e30fd9becb2d72d /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb | |
parent | e08994ce953ff5ab49b260e7763a40bfad4285ca (diff) | |
download | poky-3f55846839530468f35f7940156713c6d0085495.tar.gz |
wpa_supplicant: fix WPA2 key replay security bug
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
(From OE-Core rev: 6af6e285e8bed16b02dee27c8466e9f4f9f21e30)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb')
-rw-r--r-- | meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb index 6e4d028112..fe2ff0f30b 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb | |||
@@ -33,6 +33,7 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \ | |||
33 | file://0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch \ | 33 | file://0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch \ |
34 | file://0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch \ | 34 | file://0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch \ |
35 | file://0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch \ | 35 | file://0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch \ |
36 | file://key-replay-cve-multiple.patch \ | ||
36 | " | 37 | " |
37 | SRC_URI[md5sum] = "f0037dbe03897dcaf2ad2722e659095d" | 38 | SRC_URI[md5sum] = "f0037dbe03897dcaf2ad2722e659095d" |
38 | SRC_URI[sha256sum] = "058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122" | 39 | SRC_URI[sha256sum] = "058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122" |