Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] wpa_supplicant (SSA:2017-291-02)
Date: Wed, 18 Oct 2017 12:36:09 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  wpa_supplicant (SSA:2017-291-02)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded.
  This update includes patches to mitigate the WPA2 protocol issues known
  as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
  hijack TCP connections, and to forge and inject packets. This is the
  list of vulnerabilities that are addressed here:
  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
    4-way handshake.
  CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.
  CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
    handshake.
  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
    key handshake.
  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
    while processing it.
  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake.
  CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.
  CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  For more information, see:
    https://www.krackattacks.com/
    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
d8ecfaadb50b3547967ab53733ffc019  wpa_supplicant-2.6-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
f25216d28800504ce498705da7c9a825  wpa_supplicant-2.6-x86_64-1_slack14.0.txz

Slackware 14.1 package:
15c61050e4bab2581757befd86be74c0  wpa_supplicant-2.6-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
49fd537a520338744f7757615556d352  wpa_supplicant-2.6-x86_64-1_slack14.1.txz

Slackware 14.2 package:
c5539f40c8510af89be92945f0f80185  wpa_supplicant-2.6-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
4c527ff84fcdfd7839f217bbce2e4ae4  wpa_supplicant-2.6-x86_64-1_slack14.2.txz

Slackware -current package:
28bd88a54e96368f7a7020c1f5fb67fe  n/wpa_supplicant-2.6-i586-2.txz

Slackware x86_64 -current package:
464fc6b48d1ac077f47e9a3a8534c160  n/wpa_supplicant-2.6-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlnnrOgACgkQakRjwEAQIjPgvQCfRcXlhuFjrDNPbEUeZrYLxnkW
b+4An0l5cZOdtohI7Fq0NbryWajCOnM2
=5HQM
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.