Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <1541846576.3542.38.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #905762,
regarding stretch-pu: package wpa/2:2.4-1+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
905762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

I would like to fix CVE-2018-14526 (#905739) in stable:

CVE-2018-14526[0]:
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
| through 2.6. Under certain conditions, the integrity of EAPOL-Key
| messages is not checked, leading to a decryption oracle. An attacker
| within range of the Access Point and client can abuse the
| vulnerability to recover sensitive information.

This is a low priority security issue, and doesn't require a DSA.

[0] https://security-tracker.debian.org/tracker/CVE-2018-14526

-- 
Cheers,
  Andrej

diff -Nru wpa-2.4/debian/changelog wpa-2.4/debian/changelog
--- wpa-2.4/debian/changelog    2017-10-14 14:18:32.000000000 +0200
+++ wpa-2.4/debian/changelog    2018-08-09 09:23:49.000000000 +0200
@@ -1,3 +1,11 @@
+wpa (2:2.4-1+deb9u2) stretch; urgency=high
+
+  * SECURITY UPDATE:
+    - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data
+      (Closes: #905739)
+
+ -- Andrej Shadura <andre...@debian.org>  Thu, 09 Aug 2018 09:23:49 +0200
+
 wpa (2:2.4-1+deb9u1) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
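Review bot: the new changelog entry names the CVE and the bug it closes but not where the fix comes from; since the file added under debian/patches/ is a rebase of upstream commit 3e34cfdff6b192fe337c6fb3f487f73e96582961 (Mathy Vanhoef, 2018-07-15), consider saying so in the entry, e.g. `- CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data (backport of upstream commit 3e34cfdf, closes: #905739)`, so the provenance is visible from the changelog alone. Targeting `stretch` rather than `stretch-security` as in the previous entry is right for a proposed update that, as the request says, does not need a DSA.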
diff -Nru 
wpa-2.4/debian/patches/CVE-2018-14526/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
 
wpa-2.4/debian/patches/CVE-2018-14526/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
--- 
wpa-2.4/debian/patches/CVE-2018-14526/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
   1970-01-01 01:00:00.000000000 +0100
+++ 
wpa-2.4/debian/patches/CVE-2018-14526/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
   2018-08-09 09:17:22.000000000 +0200
@@ -0,0 +1,44 @@
+From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
+Date: Sun, 15 Jul 2018 01:25:53 +0200
+Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
+
+Ignore unauthenticated encrypted EAPOL-Key data in supplicant
+processing. When using WPA2, these are frames that have the Encrypted
+flag set, but not the MIC flag.
+
+When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
+not the MIC flag, had their data field decrypted without first verifying
+the MIC. In case the data field was encrypted using RC4 (i.e., when
+negotiating TKIP as the pairwise cipher), this meant that
+unauthenticated but decrypted data would then be processed. An adversary
+could abuse this as a decryption oracle to recover sensitive information
+in the data field of EAPOL-Key messages (e.g., the group key).
+(CVE-2018-14526)
+
+Signed-off-by: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
+---
+ src/rsn_supp/wpa.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 
wpa_supplicant-2.6/src/rsn_supp/wpa.c
+--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 
+0300
++++ wpa_supplicant-2.6/src/rsn_supp/wpa.c      2018-08-08 16:55:11.506831029 
+0300
+@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
+ 
+       if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+           (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
++              /*
++               * Only decrypt the Key Data field if the frame's authenticity
++               * was verified. When using AES-SIV (FILS), the MIC flag is not
++               * set, so this check should only be performed if mic_len != 0
++               * which is the case in this code branch.
++               */
++              if (!(key_info & WPA_KEY_INFO_MIC)) {
++                      wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++                              "WPA: Ignore EAPOL-Key with encrypted but 
unauthenticated data");
++                      goto out;
++              }
+               if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
+                                                   &key_data_len))
+                       goto out;
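Review bot: the added check `if (!(key_info & WPA_KEY_INFO_MIC))` only tests the MIC flag bit; it relies on the MIC itself having already been verified earlier in wpa_sm_rx_eapol for frames that carry the flag, which the hunk's context does not show, so confirm that ordering holds in the 2.4 tree before relying on the comment's "authenticity was verified". The comment's sentence about AES-SIV (FILS) and `mic_len` describes newer upstream code than this 2.4 package has (the file is rebased from wpa_supplicant-2.6, per its diff header), so trimming it would avoid pointing readers at a variable that does not appear to exist in this branch. The rejected frame is logged at MSG_WARNING ("WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"), which gives operators a concrete log line to alert on after the update.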
diff -Nru wpa-2.4/debian/patches/series wpa-2.4/debian/patches/series
--- wpa-2.4/debian/patches/series       2017-10-14 14:16:40.000000000 +0200
+++ wpa-2.4/debian/patches/series       2018-08-09 09:17:41.000000000 +0200
@@ -45,3 +45,4 @@
 2017-1/0010-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 2017-1/0011-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 2017-1/0012-TDLS-Ignore-incoming-TDLS-Setup-Response-retries.patch
+CVE-2018-14526/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
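Review bot: appending the entry last keeps the existing patch order intact, but because the file was produced against wpa_supplicant-2.6 rather than this patched 2.4 tree, please confirm with a build (or `quilt push -a`) that it applies on top of the preceding 2017-1 entries without fuzz or offset and that the 2.4 version of wpa_sm_rx_eapol carries the `sm->proto == WPA_PROTO_OSEN` condition the hunk's context line requires.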

--- End Message ---
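As an added illustration (not code from this bug report, the Debian package or wpa_supplicant), the C classifier below applies the same key_info test the patch adds, but to raw EAPOL frames, so a monitoring tool could count the "encrypted but unauthenticated" frames that a fixed supplicant now drops. The frame layout and bit values follow IEEE 802.11; the sample frames are constructed, not captures, and only their first seven bytes are inspected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* key_info bits from IEEE 802.11; the values match hostap's
 * WPA_KEY_INFO_MIC and WPA_KEY_INFO_ENCR_KEY_DATA. */
#define KEY_INFO_MIC           0x0100
#define KEY_INFO_ENCR_KEY_DATA 0x1000

#define EAPOL_TYPE_KEY 3   /* EAPOL packet type for EAPOL-Key */
#define EAPOL_KEY_RSN  2   /* descriptor type used by WPA2/RSN */

enum eapol_key_verdict {
    EAPOL_KEY_SKIP = 0,        /* not an RSN EAPOL-Key frame, or truncated */
    EAPOL_KEY_PLAIN,           /* Key Data field is not encrypted */
    EAPOL_KEY_AUTHENTICATED,   /* Encrypted + MIC: normal message 3 or group msg */
    EAPOL_KEY_UNAUTH_ENCRYPTED /* Encrypted but no MIC: the CVE-2018-14526 case */
};

/* Classify a frame that starts at the EAPOL header, i.e. after the 802.11
 * and LLC/SNAP headers have been stripped. Mirrors the patched branch,
 * which only covers RSN descriptors (WPA1 uses descriptor type 254). */
enum eapol_key_verdict classify_eapol_key(const uint8_t *buf, size_t len)
{
    /* Layout: version(1) type(1) length(2) descriptor_type(1) key_info(2, BE) */
    if (len < 7 || buf[1] != EAPOL_TYPE_KEY || buf[4] != EAPOL_KEY_RSN)
        return EAPOL_KEY_SKIP;
    uint16_t key_info = (uint16_t)((buf[5] << 8) | buf[6]);
    if (!(key_info & KEY_INFO_ENCR_KEY_DATA))
        return EAPOL_KEY_PLAIN;
    return (key_info & KEY_INFO_MIC) ? EAPOL_KEY_AUTHENTICATED
                                     : EAPOL_KEY_UNAUTH_ENCRYPTED;
}

/* Constructed sample frames (not captures). key_info 0x13ca is a typical
 * 4-way handshake message 3; 0x12ca is the same with the MIC bit cleared. */
static const uint8_t frame_msg3[]        = {0x02, 0x03, 0x00, 0x5f, 0x02, 0x13, 0xca};
static const uint8_t frame_encr_no_mic[] = {0x02, 0x03, 0x00, 0x5f, 0x02, 0x12, 0xca};
static const uint8_t frame_msg1[]        = {0x02, 0x03, 0x00, 0x5f, 0x02, 0x00, 0x8a};
static const uint8_t frame_wpa1[]        = {0x02, 0x03, 0x00, 0x5f, 0xfe, 0x12, 0xca};

static const char *verdict_name(enum eapol_key_verdict v)
{
    static const char *names[] = {"skip", "plain", "authenticated",
                                  "encrypted-but-unauthenticated (drop)"};
    return names[v];
}

int main(void)
{
    printf("msg3        -> %s\n", verdict_name(classify_eapol_key(frame_msg3, sizeof frame_msg3)));
    printf("encr no MIC -> %s\n", verdict_name(classify_eapol_key(frame_encr_no_mic, sizeof frame_encr_no_mic)));
    printf("msg1        -> %s\n", verdict_name(classify_eapol_key(frame_msg1, sizeof frame_msg1)));
    printf("WPA1 desc   -> %s\n", verdict_name(classify_eapol_key(frame_wpa1, sizeof frame_wpa1)));
    return 0;
}
```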
--- Begin Message ---
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
