hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)
Fix PTK rekeying to generate a new ANonce
Prevent reinstallation of an already in-use group key and extend
protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
(CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
Prevent installation of an all-zero TK
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
This update has been submitted for testing by lkundrak.
Looks good, works as expected. Can't test mitigation yet because no scripts have been released.
Seems to work here, I haven't verified CVE mitigation but it doesn't appear to break anything upon upgrade.
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
Seems fine on a few different devices and 2.4 and 5ghz networks
This update has been pushed to stable.