Bug 25258

Summary: wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: bequimao.de, boulshet, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: wpa_supplicant-2.7-2.mga7.src.rpm CVE:
Status comment:
Attachments: wpa_supplicant: version, services, hardware

Description David Walser 2019-08-10 18:24:22 CEST 
Upstream has issued advisories on April 10 and August 7:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

SAE is enabled in Mageia 7's wpa_supplicant, but not Mageia 6's, and not in hostapd.  Brainpool curves are not supported in Mageia 6's OpenSSL either.  Also, according to the advisories, the default runtime configuration is not vulnerable, so this one probably isn't a big deal.

I've updated Mageia 7's hostapd as well, just to match wpa_supplicant.

Updated packages:
wpa_supplicant-2.9-1.mga7
wpa_supplicant-gui-2.9-1.mga7
hostapd-2.9-1.mga7

from SRPMS:
wpa_supplicant-2.9-1.mga7.src.rpm
hostapd-2.9-1.mga7.src.rpm
Comment 1 GG HH 2019-08-10 19:35:51 CEST 
When started with systemctl, my connection starts and works and then fails a few tens os second later.
In logs :
-- The unit wpa_supplicant.service has entered the 'failed' state with result 'timeout'.


When started manually, it works ok (and stay in foreground)
# INTERFACES=""
# DRIVERS=""
# OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"
# /usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS

Would -B parameter be missing on ExecStart lne in wpa_supplicant.service file ? 

Regards

# cat /usr/lib/systemd/system/wpa_supplicant.service
[Unit]
Description=WPA Supplicant daemon
Before=network.target
After=syslog.target

[Service]
Type=dbus
BusName=fi.epitest.hostap.WPASupplicant
EnvironmentFile=-/etc/sysconfig/wpa_supplicant
ExecStart=/usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS

[Install]
WantedBy=multi-user.target
Alias=dbus-fi.epitest.hostap.WPASupplicant.service
[root@uranus etc]# more /etc/sysconfig/wpa_supplicant
# Use the flag "-i" before each of your interfaces, like so:
#  INTERFACES="-ieth1 -iwlan0"
INTERFACES=""

# Use the flag "-D" before each driver, like so:
#  DRIVERS="-Dwext"
DRIVERS=""

# Other arguments
#   -P   Write pid file to /run/wpa_supplicant.pid 
#        required to return proper codes by init scripts (e.g. double "start" action)
#        -B to daemonize that has to be used together with -P is already in wpa_supplicant.init.d
OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"

CC: (none) => boulshet

David Walser 2019-08-10 19:41:03 CEST

CC: (none) => tmb

Comment 2 GG HH 2019-08-10 19:50:19 CEST 
i forgot to mention that i am running Cauldron.
Comment 3 GG HH 2019-08-11 11:54:18 CEST 
Fixed in 2.9.2 by wally
Comment 4 David Walser 2019-08-11 15:46:11 CEST 
Thanks.

Updated packages:
wpa_supplicant-2.9-1.1.mga7
wpa_supplicant-gui-2.9-1.1.mga7
hostapd-2.9-1.mga7

from SRPMS:
wpa_supplicant-2.9-1.1.mga7.src.rpm
hostapd-2.9-1.mga7.src.rpm
Comment 5 Ulrich Beckmann 2019-08-13 21:07:15 CEST 
Created attachment 11253 [details]
wpa_supplicant: version, services, hardware

Tested with Mga7, networkmanager and plasma-applet-nm, mode WPA2-PSK,
IPv4 and IPv6 connected and working ok.

Ulrich

CC: (none) => bequimao.de

David Walser 2019-08-13 22:35:24 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 6 David Walser 2019-08-16 20:22:21 CEST 
Ubuntu has issued an advisory on August 14:
https://usn.ubuntu.com/4098-1/

It adds a new CVE for the issues fixed in 2.9.

Summary: wpa_supplicant new security issue CVE-2019-9494 => wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377

Thomas Backlund 2019-08-31 12:36:04 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2019-08-31 15:24:13 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0229.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED