openSUSE Security Update: Security update for hostapd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0222-1 Rating: moderate References: #1056061 Cross-References: CVE-2017-13082 CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for hostapd fixes the following issues: hostapd was updated to version 2.9: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA <addr>" control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL Update to version 2.8 * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only group 19 (i.e., disable groups 20, 21, 25, 26 from default configuration) and disable all unsuitable groups completely based on REVmd changes - improved anti-clogging token mechanism and SAE authentication frame processing during heavy CPU load; this mitigates some issues with potential DoS attacks trying to flood an AP with large number of SAE messages - added Finite Cyclic Group field in status code 77 responses - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) - fixed confirm message validation in error cases [https://w1.fi/security/2019-3/] (CVE-2019-9496) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify peer scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * Hotspot 2.0 changes - added support for release number 3 - reject release 2 or newer association without PMF * added support for RSN operating channel validation (CONFIG_OCV=y and configuration parameter ocv=1) * added Multi-AP protocol support * added FTM responder configuration * fixed build with LibreSSL * added FT/RRB workaround for short Ethernet frame padding * fixed KEK2 derivation for FILS+FT * added RSSI-based association rejection from OCE * extended beacon reporting functionality * VLAN changes - allow local VLAN management with remote RADIUS authentication - add WPA/WPA2 passphrase/PSK -based VLAN assignment * OpenSSL: allow systemwide policies to be overridden * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * fixed FT and SA Query Action frame with AP-MLME-in-driver cases * OWE: allow Diffie-Hellman Parameter element to be included with DPP in preparation for DPP protocol extension * RADIUS server: started to accept ERP keyName-NAI as user identity automatically without matching EAP database entry * fixed PTK rekeying with FILS and FT wpa_supplicant: * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9499) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT - Enabled CLI editing and history support. Update to version 2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [http://w1.fi/security/2017-1/] (CVE-2017-13082) (boo#1056061) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * FT: - added local generation of PMK-R0/PMK-R1 for FT-PSK (ft_psk_generate_local=1) - replaced inter-AP protocol with a cleaner design that is more easily extensible; this breaks backward compatibility and requires all APs in the ESS to be updated at the same time to maintain FT functionality - added support for wildcard R0KH/R1KH - replaced r0_key_lifetime (minutes) parameter with ft_r0_key_lifetime (seconds) - fixed wpa_psk_file use for FT-PSK - fixed FT-SAE PMKID matching - added expiration to PMK-R0 and PMK-R1 cache - added IEEE VLAN support (including tagged VLANs) - added support for SHA384 based AKM * SAE - fixed some PMKSA caching cases with SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - added option to require MFP for SAE associations (sae_require_pmf=1) - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier * hostapd_cli: added support for command history and completion * added support for requesting beacon report * large number of other fixes, cleanup, and extensions * added option to configure EAPOL-Key retry limits (wpa_group_update_count and wpa_pairwise_update_count) * removed all PeerKey functionality * fixed nl80211 AP mode configuration regression with Linux 4.15 and newer * added support for using wolfSSL cryptographic library * fixed some 20/40 MHz coexistence cases where the BSS could drop to 20 MHz even when 40 MHz would be allowed * Hotspot 2.0 - added support for setting Venue URL ANQP-element (venue_url) - added support for advertising Hotspot 2.0 operator icons - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS * added support for using OpenSSL 1.1.1 * added EAP-pwd server support for salted passwords Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-222=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-222=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2020-222=1 Package List: - openSUSE Leap 15.1 (x86_64): hostapd-2.9-lp151.4.3.1 hostapd-debuginfo-2.9-lp151.4.3.1 hostapd-debugsource-2.9-lp151.4.3.1 - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): hostapd-2.9-bp151.5.3.1 - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64): hostapd-2.9-bp150.15.1 hostapd-debuginfo-2.9-bp150.15.1 hostapd-debugsource-2.9-bp150.15.1 References: https://www.suse.com/security/cve/CVE-2017-13082.html https://www.suse.com/security/cve/CVE-2019-9494.html https://www.suse.com/security/cve/CVE-2019-9495.html https://www.suse.com/security/cve/CVE-2019-9496.html https://www.suse.com/security/cve/CVE-2019-9497.html https://www.suse.com/security/cve/CVE-2019-9498.html https://www.suse.com/security/cve/CVE-2019-9499.html https://bugzilla.suse.com/1056061 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org