[SECURITY] Fedora 26 Update: wpa_supplicant-2.6-11.fc26

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-60bfb576b7 2017-10-16 15:51:47.723173 -------------------------------------------------------------------------------- Name : wpa_supplicant Product : Fedora 26 Version : 2.6 Release : 11.fc26 URL : http://w1.fi/wpa_supplicant/ Summary : WPA/WPA2/IEEE 802.1X Supplicant Description : wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. -------------------------------------------------------------------------------- Update Information: Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) - Prevent installation of an all-zero TK - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messa... Details and the paper: https://www.krackattacks.com/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame https://bugzilla.redhat.com/show_bug.cgi?id=1500304 [ 2 ] Bug #1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame https://bugzilla.redhat.com/show_bug.cgi?id=1500303 [ 3 ] Bug #1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it https://bugzilla.redhat.com/show_bug.cgi?id=1491698 [ 4 ] Bug #1491697 - CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491697 [ 5 ] Bug #1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491696 [ 6 ] Bug #1491694 - CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491694 [ 7 ] Bug #1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491693 [ 8 ] Bug #1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake https://bugzilla.redhat.com/show_bug.cgi?id=1491692 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade wpa_supplicant' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------