Security update for wpa_supplicant SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2755-1 Final 1 1 2017-10-18T07:58:56Z current 2017-10-18T07:58:56Z 2017-10-18T07:58:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wpa_supplicant This update for wpa_supplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html E-Mail link for openSUSE-SU-2017:2755-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 wpa_supplicant-2.2-13.1 wpa_supplicant-gui-2.2-13.1 wpa_supplicant-2.2-13.1 as a component of openSUSE Leap 42.2 wpa_supplicant-gui-2.2-13.1 as a component of openSUSE Leap 42.2 wpa_supplicant-2.2-13.1 as a component of openSUSE Leap 42.3 wpa_supplicant-gui-2.2-13.1 as a component of openSUSE Leap 42.3 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13078 openSUSE Leap 42.2:wpa_supplicant-2.2-13.1 openSUSE Leap 42.2:wpa_supplicant-gui-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-gui-2.2-13.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html https://www.suse.com/security/cve/CVE-2017-13078.html CVE-2017-13078 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1063667 SUSE Bug 1063667 Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. CVE-2017-13079 openSUSE Leap 42.2:wpa_supplicant-2.2-13.1 openSUSE Leap 42.2:wpa_supplicant-gui-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-gui-2.2-13.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html https://www.suse.com/security/cve/CVE-2017-13079.html CVE-2017-13079 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13080 openSUSE Leap 42.2:wpa_supplicant-2.2-13.1 openSUSE Leap 42.2:wpa_supplicant-gui-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-gui-2.2-13.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html https://www.suse.com/security/cve/CVE-2017-13080.html CVE-2017-13080 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1063667 SUSE Bug 1063667 https://bugzilla.suse.com/1063671 SUSE Bug 1063671 https://bugzilla.suse.com/1066295 SUSE Bug 1066295 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1178872 SUSE Bug 1178872 Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. CVE-2017-13081 openSUSE Leap 42.2:wpa_supplicant-2.2-13.1 openSUSE Leap 42.2:wpa_supplicant-gui-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-gui-2.2-13.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html https://www.suse.com/security/cve/CVE-2017-13081.html CVE-2017-13081 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1066295 SUSE Bug 1066295 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13087 openSUSE Leap 42.2:wpa_supplicant-2.2-13.1 openSUSE Leap 42.2:wpa_supplicant-gui-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-gui-2.2-13.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html https://www.suse.com/security/cve/CVE-2017-13087.html CVE-2017-13087 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13088 openSUSE Leap 42.2:wpa_supplicant-2.2-13.1 openSUSE Leap 42.2:wpa_supplicant-gui-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-2.2-13.1 openSUSE Leap 42.3:wpa_supplicant-gui-2.2-13.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html https://www.suse.com/security/cve/CVE-2017-13088.html CVE-2017-13088 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479