Synopsis
The remote openSUSE host is missing a security update.
Description
This update for hostapd fixes the following issues :
- Fix KRACK attacks on the AP side (boo#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088) :
Hostap was updated to upstream release 2.6
- fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314)
- fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476)
- extended channel switch support for VHT bandwidth changes
- added support for configuring new ANQP-elements with anqp_elem=<InfoID>:<hexdump of payload>
- fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior)
- added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached
- added option (-S as command line argument) to request all interfaces to be started at the same time
- modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation
- EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer)
- fixed EAPOL reauthentication after FT protocol run
- fixed FTIE generation for 4-way handshake after FT protocol run
- fixed and improved various FST operations
- TLS server
- support SHA384 and SHA512 hashes
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
- added support for OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
- EAP-PEAP: support fast-connect crypto binding
- RADIUS
- fix Called-Station-Id to not escape SSID
- add Event-Timestamp to all Accounting-Request packets
- add Acct-Session-Id to Accounting-On/Off
- add Acct-Multi-Session-Id ton Access-Request packets
- add Service-Type (= Frames)
- allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case
- update full message for interim accounting updates
- add Acct-Delay-Time into Accounting messages
- add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated
- started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake
- VHT: added interoperability workaround for 80+80 and 160 MHz channels
- extended VLAN support (per-STA vif, etc.)
- fixed PMKID derivation with SAE
- nl80211
- added support for full station state operations
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames
- added initial MBO support; number of extensions to WNM BSS Transition Management
- added initial functionality for location related operations
- added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames
- improved Public Action frame addressing
- use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address
- fix TX status processing for Address 3 = wildcard BSSID
- add gas_address3 configuration parameter to control Address 3 behavior
- added command line parameter -i to override interface parameter in hostapd.conf
- added command completion support to hostapd_cli
- added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and 'SIGNATURE <addr>' control interface command)
- number of small fixes
hostapd was updated to upstream release 2.5
- (CVE-2015-1863) is fixed in upstream release 2.5
- fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 boo#930077)
- fixed WMM Action frame parser [http://w1.fi/security/2015-3/] (CVE-2015-4142 boo#930078)
- fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, boo#930079)
- fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/]
- nl80211 :
- fixed vendor command handling to check OUI properly
- fixed hlr_auc_gw build with OpenSSL
- hlr_auc_gw: allow Milenage RES length to be reduced
- disable HT for a station that does not support WMM/QoS
- added support for hashed password (NtHash) in EAP-pwd server
- fixed and extended dynamic VLAN cases
- added EAP-EKE server support for deriving Session-Id
- set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock
- added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
- modified SAE routines to be more robust and PWE generation to be stronger against timing attacks
- added support for Brainpool Elliptic Curves with SAE
- increases maximum value accepted for cwmin/cwmax
- added support for CCMP-256 and GCMP-256 as group ciphers with FT
- added Fast Session Transfer (FST) module
- removed optional fields from RSNE when using FT with PMF (workaround for interoperability issues with iOS 8.4)
- added EAP server support for TLS session resumption
- fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version)
- added mechanism to track unconnected stations and do minimal band steering
- number of small fixes
Solution
Update the affected hostapd packages.
Plugin Details
File Name: openSUSE-2017-1201.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:hostapd-debuginfo, p-cpe:/a:novell:opensuse:hostapd, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:hostapd-debugsource, cpe:/o:novell:opensuse:42.3
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 10/27/2017
Reference Information
CVE: CVE-2015-1863, CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-5314, CVE-2016-4476, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088