Update Info

openSUSE-2020-222


Security update for hostapd


Type: security
Severity: moderate
Issued: 2020-02-15
Description:
This update for hostapd fixes the following issues:

hostapd was updated to version 2.9:

* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
    [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to and RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA <addr>" control interface data to
  determine with AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
  fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL

Update to version 2.8
* SAE changes
  - added support for SAE Password Identifier
  - changed default configuration to enable only group 19
    (i.e., disable groups 20, 21, 25, 26 from default configuration) and
    disable all unsuitable groups completely based on REVmd changes
  - improved anti-clogging token mechanism and SAE authentication
    frame processing during heavy CPU load; this mitigates some issues
    with potential DoS attacks trying to flood an AP with large number
    of SAE messages
  - added Finite Cyclic Group field in status code 77 responses
  - reject use of unsuitable groups based on new implementation guidance
    in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
    groups with prime >= 256)
  - minimize timing and memory use differences in PWE derivation
    [https://w1.fi/security/2019-1/] (CVE-2019-9494)
  - fixed confirm message validation in error cases
    [https://w1.fi/security/2019-3/] (CVE-2019-9496)
* EAP-pwd changes
  - minimize timing and memory use differences in PWE derivation
    [https://w1.fi/security/2019-2/] (CVE-2019-9495)
  - verify peer scalar/element
    [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498)
  - fix message reassembly issue with unexpected fragment
    [https://w1.fi/security/2019-5/]
  - enforce rand,mask generation rules more strictly
  - fix a memory leak in PWE derivation
  - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
    27)
* Hotspot 2.0 changes
  - added support for release number 3
  - reject release 2 or newer association without PMF
* added support for RSN operating channel validation
  (CONFIG_OCV=y and configuration parameter ocv=1)
* added Multi-AP protocol support
* added FTM responder configuration
* fixed build with LibreSSL
* added FT/RRB workaround for short Ethernet frame padding
* fixed KEK2 derivation for FILS+FT
* added RSSI-based association rejection from OCE
* extended beacon reporting functionality
* VLAN changes
  - allow local VLAN management with remote RADIUS authentication
  - add WPA/WPA2 passphrase/PSK -based VLAN assignment
* OpenSSL: allow systemwide policies to be overridden
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
  for PSK (wps_cred_add_sae=1)
* fixed FT and SA Query Action frame with AP-MLME-in-driver cases
* OWE: allow Diffie-Hellman Parameter element to be included with DPP
  in preparation for DPP protocol extension
* RADIUS server: started to accept ERP keyName-NAI as user identity
  automatically without matching EAP database entry
* fixed PTK rekeying with FILS and FT

wpa_supplicant:
* SAE changes
  - added support for SAE Password Identifier
  - changed default configuration to enable only groups 19, 20, 21
    (i.e., disable groups 25 and 26) and disable all unsuitable groups
    completely based on REVmd changes
  - do not regenerate PWE unnecessarily when the AP uses the
    anti-clogging token mechanisms
  - fixed some association cases where both SAE and FT-SAE were enabled
    on both the station and the selected AP
  - started to prefer FT-SAE over SAE AKM if both are enabled
  - started to prefer FT-SAE over FT-PSK if both are enabled
  - fixed FT-SAE when SAE PMKSA caching is used
  - reject use of unsuitable groups based on new implementation guidance
    in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
    groups with prime >= 256)
  - minimize timing and memory use differences in PWE derivation
    [https://w1.fi/security/2019-1/] (CVE-2019-9494)
* EAP-pwd changes
  - minimize timing and memory use differences in PWE derivation
    [https://w1.fi/security/2019-2/] (CVE-2019-9495)
  - verify server scalar/element
    [https://w1.fi/security/2019-4/] (CVE-2019-9499)
  - fix message reassembly issue with unexpected fragment
    [https://w1.fi/security/2019-5/]
  - enforce rand,mask generation rules more strictly
  - fix a memory leak in PWE derivation
  - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
    27)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
  - do not indicate release number that is higher than the one
    AP supports
  - added support for release number 3
  - enable PMF automatically for network profiles created from
    credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
  (CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
  using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
  are enabled
* extended nl80211 Connect and external authentication to support
  SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
  encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
  4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
  for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
  IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT

- Enabled CLI editing and history support.

Update to version 2.7

* fixed WPA packet number reuse with replayed messages and key
  reinstallation
  [http://w1.fi/security/2017-1/] (CVE-2017-13082) (boo#1056061)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
  and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* FT:
  - added local generation of PMK-R0/PMK-R1 for FT-PSK
    (ft_psk_generate_local=1)
  - replaced inter-AP protocol with a cleaner design that is more
    easily extensible; this breaks backward compatibility and requires
    all APs in the ESS to be updated at the same time to maintain FT
    functionality
  - added support for wildcard R0KH/R1KH
  - replaced r0_key_lifetime (minutes) parameter with
    ft_r0_key_lifetime (seconds)
  - fixed wpa_psk_file use for FT-PSK
  - fixed FT-SAE PMKID matching
  - added expiration to PMK-R0 and PMK-R1 cache
  - added IEEE VLAN support (including tagged VLANs)
  - added support for SHA384 based AKM
* SAE
  - fixed some PMKSA caching cases with SAE
  - added support for configuring SAE password separately of the
    WPA2 PSK/passphrase
  - added option to require MFP for SAE associations
    (sae_require_pmf=1)
  - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
    for SAE;
    note: this is not backwards compatible, i.e., both the AP and
    station side implementations will need to be update at the same
    time to maintain interoperability
  - added support for Password Identifier
* hostapd_cli: added support for command history and completion
* added support for requesting beacon report
* large number of other fixes, cleanup, and extensions
* added option to configure EAPOL-Key retry limits
  (wpa_group_update_count and wpa_pairwise_update_count)
* removed all PeerKey functionality
* fixed nl80211 AP mode configuration regression with Linux 4.15 and
  newer
* added support for using wolfSSL cryptographic library
* fixed some 20/40 MHz coexistence cases where the BSS could drop to
  20 MHz even when 40 MHz would be allowed
* Hotspot 2.0
  - added support for setting Venue URL ANQP-element (venue_url)
  - added support for advertising Hotspot 2.0 operator icons
  - added support for Roaming Consortium Selection element
  - added support for Terms and Conditions
  - added support for OSEN connection in a shared RSN BSS
* added support for using OpenSSL 1.1.1
* added EAP-pwd server support for salted passwords



              

Packages


  • hostapd-2.9-bp151.5.3.1