Bug 25258 - wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377
Summary: wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-10 18:24 CEST by David Walser
Modified: 2019-08-16 20:22 CEST (History)
3 users (show)

See Also:
Source RPM: wpa_supplicant-2.7-2.mga7.src.rpm
CVE:
Status comment:


Attachments
wpa_supplicant: version, services, hardware (2.68 KB, text/plain)
2019-08-13 21:07 CEST, Ulrich Beckmann
Details

Description David Walser 2019-08-10 18:24:22 CEST
Upstream has issued advisories on April 10 and August 7:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

SAE is enabled in Mageia 7's wpa_supplicant, but not Mageia 6's, and not in hostapd.  Brainpool curves are not supported in Mageia 6's OpenSSL either.  Also, according to the advisories, the default runtime configuration is not vulnerable, so this one probably isn't a big deal.

I've updated Mageia 7's hostapd as well, just to match wpa_supplicant.

Updated packages:
wpa_supplicant-2.9-1.mga7
wpa_supplicant-gui-2.9-1.mga7
hostapd-2.9-1.mga7

from SRPMS:
wpa_supplicant-2.9-1.mga7.src.rpm
hostapd-2.9-1.mga7.src.rpm
Comment 1 GG HH 2019-08-10 19:35:51 CEST
When started with systemctl, my connection starts and works and then fails a few tens os second later.
In logs :
-- The unit wpa_supplicant.service has entered the 'failed' state with result 'timeout'.


When started manually, it works ok (and stay in foreground)
# INTERFACES=""
# DRIVERS=""
# OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"
# /usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS

Would -B parameter be missing on ExecStart lne in wpa_supplicant.service file ? 

Regards

# cat /usr/lib/systemd/system/wpa_supplicant.service
[Unit]
Description=WPA Supplicant daemon
Before=network.target
After=syslog.target

[Service]
Type=dbus
BusName=fi.epitest.hostap.WPASupplicant
EnvironmentFile=-/etc/sysconfig/wpa_supplicant
ExecStart=/usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS

[Install]
WantedBy=multi-user.target
Alias=dbus-fi.epitest.hostap.WPASupplicant.service
[root@uranus etc]# more /etc/sysconfig/wpa_supplicant
# Use the flag "-i" before each of your interfaces, like so:
#  INTERFACES="-ieth1 -iwlan0"
INTERFACES=""

# Use the flag "-D" before each driver, like so:
#  DRIVERS="-Dwext"
DRIVERS=""

# Other arguments
#   -P   Write pid file to /run/wpa_supplicant.pid 
#        required to return proper codes by init scripts (e.g. double "start" action)
#        -B to daemonize that has to be used together with -P is already in wpa_supplicant.init.d
OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"

CC: (none) => boulshet

David Walser 2019-08-10 19:41:03 CEST

CC: (none) => tmb

Comment 2 GG HH 2019-08-10 19:50:19 CEST
i forgot to mention that i am running Cauldron.
Comment 3 GG HH 2019-08-11 11:54:18 CEST
Fixed in 2.9.2 by wally
Comment 4 David Walser 2019-08-11 15:46:11 CEST
Thanks.

Updated packages:
wpa_supplicant-2.9-1.1.mga7
wpa_supplicant-gui-2.9-1.1.mga7
hostapd-2.9-1.mga7

from SRPMS:
wpa_supplicant-2.9-1.1.mga7.src.rpm
hostapd-2.9-1.mga7.src.rpm
Comment 5 Ulrich Beckmann 2019-08-13 21:07:15 CEST
Created attachment 11253 [details]
wpa_supplicant: version, services, hardware

Tested with Mga7, networkmanager and plasma-applet-nm, mode WPA2-PSK,
IPv4 and IPv6 connected and working ok.

Ulrich

CC: (none) => bequimao.de

David Walser 2019-08-13 22:35:24 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 6 David Walser 2019-08-16 20:22:21 CEST
Ubuntu has issued an advisory on August 14:
https://usn.ubuntu.com/4098-1/

It adds a new CVE for the issues fixed in 2.9.

Summary: wpa_supplicant new security issue CVE-2019-9494 => wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377


Note You need to log in before you can comment on or make changes to this bug.