From owner-freebsd-security@freebsd.org Tue Oct 17 19:44:38 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 676A7E45BB9 for ; Tue, 17 Oct 2017 19:44:38 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from host64.shmhost.net (host64.shmhost.net [213.239.241.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 11D39803D4 for ; Tue, 17 Oct 2017 19:44:37 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from [IPv6:2001:470:25:233:24ef:84:9b8f:b3c] (unknown [IPv6:2001:470:25:233:24ef:84:9b8f:b3c]) by host64.shmhost.net (Postfix) with ESMTPSA id B0907160676 for ; Tue, 17 Oct 2017 21:44:28 +0200 (CEST) From: Franco Fichtner Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:07.wpa Date: Tue, 17 Oct 2017 21:44:27 +0200 References: <20171017182251.E38B8123E3@freefall.freebsd.org> To: freebsd-security@freebsd.org In-Reply-To: <20171017182251.E38B8123E3@freefall.freebsd.org> Message-Id: X-Mailer: Apple Mail (2.3273) X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net X-Virus-Status: Clean X-Spam-Flag: NO X-Spam-Score: -1.0 X-Spam-Status: No score=-1.0 tagged_above=10.0 required=10.0 tests=[ALL_TRUSTED] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 19:44:38 -0000 Hi, The entry in UPDATING on releng/11.1 annotates "p13" but should say = "p2". Cheers, Franco > On 17. Oct 2017, at 8:22 PM, FreeBSD Security Advisories = wrote: >=20 > Signed PGP part > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D > FreeBSD-SA-17:07.wpa Security = Advisory > The FreeBSD = Project >=20 > Topic: WPA2 protocol vulnerability >=20 > Category: contrib > Module: wpa > Announced: 2017-10-16 > Credits: Mathy Vanhoef > Affects: All supported versions of FreeBSD. > Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) > 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) > 2017-10-17 17:56:03 UTC (releng/11.0, = 11.0-RELEASE-p13) > CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, > CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, > CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 >=20 > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . >=20 > I. Background >=20 > Wi-Fi Protected Access II (WPA2) is a security protocol developed by = the > Wi-Fi Alliance to secure wireless computer networks. >=20 > hostapd and wpa_supplicant are implementations of user space daemon = for > access points and wireless client that implements the WPA2 protocol. >=20 > II. Problem Description >=20 > A vulnerability was found in how a number of implementations can be > triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by > replaying a specific frame that is used to manage the keys. >=20 > III. Impact >=20 > Such reinstallation of the encryption key can result in two different > types of vulnerabilities: disabling replay protection and = significantly > reducing the security of encryption to the point of allowing frames to > be decrypted or some parts of the keys to be determined by an attacker > depending on which cipher is used. >=20 > IV. Workaround >=20 > An updated version of wpa_supplicant is available in the FreeBSD Ports > Collection. Install version 2.6_2 or later of the > security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf > to use the new binary: >=20 > wpa_supplicant_program=3D"/usr/local/sbin/wpa_supplicant" >=20 > and restart networking. >=20 > An updated version of hostapd is available in the FreeBSD Ports > Collection. Install version 2.6_1 or later of the net/hostapd = port/pkg. > Once installed, update /etc/rc.conf to use the new binary: >=20 > hostapd_program=3D"/usr/local/sbin/hostapd" >=20 > and restart hostapd. >=20 > V. Solution >=20 > Patches are currently available for stable/11, releng/11.0, and > releng/11.1. Patches for stable/10, releng/10.3, and releng/10.4 are > still being evaluated. >=20 > Perform one of the following: >=20 > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. >=20 > Restart the Wi-Fi network interfaces/hostapd or reboot the system. >=20 > 2) To update your vulnerable system via a binary patch: >=20 > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install >=20 > Restart the Wi-Fi network interfaces/hostapd or reboot the system. >=20 > 3) To update your vulnerable system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE] > # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch > # fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc > # gpg --verify wpa-11.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile the operating system using buildworld and installworld as > described in . >=20 > Restart the applicable daemons, or reboot the system. >=20 > VI. Correction details >=20 > The following list contains the correction revision numbers for each > affected branch. >=20 > Branch/path = Revision > = ------------------------------------------------------------------------- > stable/11/ = r324697 > releng/11.0/ = r324698 > releng/11.1/ = r324699 > = ------------------------------------------------------------------------- >=20 > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: >=20 > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >=20 > Or visit the following URL, replacing NNNNNN with the revision number: >=20 > >=20 > VII. References >=20 > = > >=20 > The latest revision of this advisory is available at > >=20 > _______________________________________________ > freebsd-announce@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to = "freebsd-announce-unsubscribe@freebsd.org"