wpa_supplicant-2.9-13.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11515 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z wpa_supplicant-2.9-13.4 on GA media These are all security issues fixed in the wpa_supplicant-2.9-13.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11515 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11515 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2015-8041/ SUSE CVE CVE-2015-8041 page https://www.suse.com/security/cve/CVE-2017-13077/ SUSE CVE CVE-2017-13077 page https://www.suse.com/security/cve/CVE-2017-13078/ SUSE CVE CVE-2017-13078 page https://www.suse.com/security/cve/CVE-2017-13079/ SUSE CVE CVE-2017-13079 page https://www.suse.com/security/cve/CVE-2017-13086/ SUSE CVE CVE-2017-13086 page https://www.suse.com/security/cve/CVE-2018-14526/ SUSE CVE CVE-2018-14526 page https://www.suse.com/security/cve/CVE-2019-11555/ SUSE CVE CVE-2019-11555 page https://www.suse.com/security/cve/CVE-2019-13377/ SUSE CVE CVE-2019-13377 page https://www.suse.com/security/cve/CVE-2019-16275/ SUSE CVE CVE-2019-16275 page https://www.suse.com/security/cve/CVE-2019-9494/ SUSE CVE CVE-2019-9494 page https://www.suse.com/security/cve/CVE-2019-9495/ SUSE CVE CVE-2019-9495 page https://www.suse.com/security/cve/CVE-2019-9497/ SUSE CVE CVE-2019-9497 page https://www.suse.com/security/cve/CVE-2019-9499/ SUSE CVE CVE-2019-9499 page https://www.suse.com/security/cve/CVE-2021-0326/ SUSE CVE CVE-2021-0326 page https://www.suse.com/security/cve/CVE-2021-27803/ SUSE CVE CVE-2021-27803 page https://www.suse.com/security/cve/CVE-2021-30004/ SUSE CVE CVE-2021-30004 page openSUSE Tumbleweed wpa_supplicant-2.9-13.4 wpa_supplicant-gui-2.9-13.4 wpa_supplicant-2.9-13.4 as a component of openSUSE Tumbleweed wpa_supplicant-gui-2.9-13.4 as a component of openSUSE Tumbleweed Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. CVE-2015-8041 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8041.html CVE-2015-8041 https://bugzilla.suse.com/937419 SUSE Bug 937419 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVE-2017-13077 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13077.html CVE-2017-13077 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1063963 SUSE Bug 1063963 https://bugzilla.suse.com/1179588 SUSE Bug 1179588 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13078 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13078.html CVE-2017-13078 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1063667 SUSE Bug 1063667 https://bugzilla.suse.com/1179588 SUSE Bug 1179588 Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. CVE-2017-13079 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13079.html CVE-2017-13079 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1179588 SUSE Bug 1179588 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. CVE-2017-13086 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13086.html CVE-2017-13086 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1179588 SUSE Bug 1179588 An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. CVE-2018-14526 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14526.html CVE-2018-14526 https://bugzilla.suse.com/1104205 SUSE Bug 1104205 The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. CVE-2019-11555 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11555.html CVE-2019-11555 https://bugzilla.suse.com/1133640 SUSE Bug 1133640 The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. CVE-2019-13377 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13377.html CVE-2019-13377 https://bugzilla.suse.com/1144443 SUSE Bug 1144443 hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. CVE-2019-16275 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-16275.html CVE-2019-16275 https://bugzilla.suse.com/1150934 SUSE Bug 1150934 The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. CVE-2019-9494 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9494.html CVE-2019-9494 https://bugzilla.suse.com/1131291 SUSE Bug 1131291 https://bugzilla.suse.com/1131868 SUSE Bug 1131868 https://bugzilla.suse.com/1194732 SUSE Bug 1194732 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVE-2019-9495 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9495.html CVE-2019-9495 https://bugzilla.suse.com/1131291 SUSE Bug 1131291 https://bugzilla.suse.com/1131870 SUSE Bug 1131870 https://bugzilla.suse.com/1194733 SUSE Bug 1194733 The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVE-2019-9497 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9497.html CVE-2019-9497 https://bugzilla.suse.com/1131871 SUSE Bug 1131871 https://bugzilla.suse.com/1131872 SUSE Bug 1131872 https://bugzilla.suse.com/1131874 SUSE Bug 1131874 The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. CVE-2019-9499 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9499.html CVE-2019-9499 https://bugzilla.suse.com/1131871 SUSE Bug 1131871 https://bugzilla.suse.com/1131872 SUSE Bug 1131872 https://bugzilla.suse.com/1131874 SUSE Bug 1131874 In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 CVE-2021-0326 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-0326.html CVE-2021-0326 https://bugzilla.suse.com/1181777 SUSE Bug 1181777 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. CVE-2021-27803 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-27803.html CVE-2021-27803 https://bugzilla.suse.com/1182805 SUSE Bug 1182805 In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. CVE-2021-30004 openSUSE Tumbleweed:wpa_supplicant-2.9-13.4 openSUSE Tumbleweed:wpa_supplicant-gui-2.9-13.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30004.html CVE-2021-30004 https://bugzilla.suse.com/1184348 SUSE Bug 1184348