FEDORA-2017-60bfb576b7

security update in Fedora 26 for wpa_supplicant

Status: stable 9 months ago

Fix for the Key Reinstallation Attacks

  • hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)
  • Fix PTK rekeying to generate a new ANonce
  • Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088)
  • Prevent installation of an all-zero TK
  • TDLS: Reject TPK-TK reconfiguration
  • WNM: Ignore WNM-Sleep Mode Response without pending request
  • FT: Do not allow multiple Reassociation Response frames

Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Details and the paper: https://www.krackattacks.com/
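
What the reinstallation guards in the list above amount to, as an added C example that is not hostapd or wpa_supplicant code: a simplified model in which a replayed key-carrying message must not restart the transmit packet number. The struct, the function names and the key bytes are hypothetical, and the all-zero byte check is this model's own simplification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16

enum result { INSTALLED, SKIPPED_IN_USE, REJECTED_ZERO };

/* Hypothetical key slot for this model; not a wpa_supplicant structure. */
struct key_slot {
    uint8_t  key[KEY_LEN];
    int      in_use;   /* a key is currently installed */
    uint64_t tx_pn;    /* transmit packet number, used as the cipher nonce */
};

static int all_zero(const uint8_t *k) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= k[i];
    return acc == 0;
}

/* Install a key unless it is all-zero or already the key in use. */
enum result install_key(struct key_slot *s, const uint8_t *key) {
    if (all_zero(key))
        return REJECTED_ZERO;              /* this model's own byte check */
    if (s->in_use && memcmp(s->key, key, KEY_LEN) == 0)
        return SKIPPED_IN_USE;             /* replay: leave tx_pn untouched */
    memcpy(s->key, key, KEY_LEN);
    s->in_use = 1;
    s->tx_pn = 0;                          /* only a new key restarts the counter */
    return INSTALLED;
}

uint64_t send_frame(struct key_slot *s) { return ++s->tx_pn; }

/* Constructed scenario: the key-carrying message is delivered twice. */
uint64_t pn_after_replay(void) {
    static const uint8_t tk[KEY_LEN] = { 0x4b, 0x52, 0x41, 0x43, 0x4b };
    struct key_slot s = { 0 };
    install_key(&s, tk);
    send_frame(&s); send_frame(&s); send_frame(&s);   /* PN 1, 2, 3 */
    install_key(&s, tk);                              /* retransmission */
    return send_frame(&s);                            /* next PN, never a repeat */
}

int main(void) {
    printf("next PN after replayed install: %llu\n",
           (unsigned long long)pn_after_replay());
    return 0;
}
```

Without the `SKIPPED_IN_USE` branch the second install would reset `tx_pn`, so the next frame would repeat a packet number under the same key, which is the reuse named in the upstream advisory's title.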

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

Comments 19

This update has been submitted for testing by lkundrak.

lkundrak edited this update.

Looks good, works as expected. Can't test mitigation yet because no scripts have been released.

karma: +1 #1502589: +1
karma: +1 critpath: +1

WFM

karma: +1 critpath: +1

This update has been submitted for batched by bodhi.

karma: +1 critpath: +1
karma: +1 critpath: +1

This update has been submitted for stable by lkundrak.

karma: +1 critpath: +1 #1502589: +1
karma: +1 critpath: +1

This update has been pushed to stable.

Works with a LEDE-powered router.

karma: +1 critpath: +1
karma: +1 critpath: +1

WFM, thanks!

karma: +1 critpath: +1

Works for me.

karma: +1 critpath: +1

WFM

karma: +1 critpath: +1 #1502589: +1 #1500304: +1 #1500303: +1 #1491698: +1 #1491697: +1 #1491696: +1 #1491694: +1 #1491693: +1 #1491692: +1

works, though I couldn't test attack mitigation.

karma: +1 critpath: +1

LGTM

karma: +1 critpath: +1 #1502589: +1 #1500304: +1 #1500303: +1 #1491698: +1 #1491697: +1 #1491696: +1

Content Type: RPM
Status: stable
Test Gating Status: Tests not running
Submitted by:
Update Type: security
Update Severity: high
Karma: +12 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 9 months ago, in stable 9 months ago, modified 9 months ago

Related Bugs 9

0+4 #1502589 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 wpa_supplicant: various flaws [fedora-all]
0+2 #1500304 CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
0+2 #1500303 CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
0+2 #1491698 CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it
0+2 #1491697 CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake
0+2 #1491696 CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake
0+1 #1491694 CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake
0+1 #1491693 CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake
0+1 #1491692 CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
