3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

12148 commits

Author SHA1 Message Date
Martin Weinelt 3e9f3a3ebd
hostapd: apply patch for CVE-2019-16275
AP mode PMF disconnection protection bypass

Published: September 11, 2019
Identifiers:
- CVE-2019-16275
Latest version available from: https://w1.fi/security/2019-7/

Vulnerability

hostapd (and wpa_supplicant when controlling AP mode) did not perform
sufficient source address validation for some received Management frames
and this could result in ending up sending a frame that caused
associated stations to incorrectly believe they were disconnected from
the network even if management frame protection (also known as PMF) was
negotiated for the association. This could be considered to be a denial
of service vulnerability since PMF is supposed to protect from this type
of issues. It should be noted that if PMF is not enabled, there would be
no protocol level protection against this type of denial service
attacks.

An attacker in radio range of the access point could inject a specially
constructed unauthenticated IEEE 802.11 frame to the access point to
cause associated stations to be disconnected and require a reconnection
to the network.

Vulnerable versions/configurations

All hostapd and wpa_supplicants versions with PMF support
(CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with
PMF being enabled (optional or required). In addition, this would be
applicable only when using user space based MLME/SME in AP mode, i.e.,
when hostapd (or wpa_supplicant when controlling AP mode) would process
authentication and association management frames. This condition would
be applicable mainly with drivers that use mac80211.

Possible mitigation steps

- Merge the following commit to wpa_supplicant/hostapd and rebuild:

  AP: Silently ignore management frame from unexpected source address

  This patch is available from https://w1.fi/security/2019-7/

- Update to wpa_supplicant/hostapd v2.10 or newer, once available
2020-04-25 14:35:20 +02:00
Maximilian Bosch 61c95a2eec
iwd: 1.6 -> 1.7 2020-04-25 12:13:01 +02:00
Maximilian Bosch 74fcd4f2d6
ell: 0.30 -> 0.31 2020-04-25 12:12:54 +02:00
Austin Seipp d403911451
linux_testing: 5.6-rc7 -> 5.7-rc2
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2020-04-24 10:58:31 -05:00
Michael Weiss 34276b84c5
nvme-cli: 1.10.1 -> 1.11.1 2020-04-24 17:56:08 +02:00
Jörg Thalheim 16e4b9ca69
Merge pull request #85880 from emilazy/linux-hardened-update-resilience 2020-04-24 12:24:23 +01:00
Savanni D'Gerinel 4db7911b5b Set version to 0.0.1
ZenStates-Linux doesn't actually have a version, so I'm setting the
version to 0.0.1 in case the developer eventually does start doing
releases.
2020-04-23 22:17:30 -04:00
Savanni D'Gerinel bfe072dc4b Add a Zenstates derivation 2020-04-23 22:08:34 -04:00
Emily 2c1db9649e linux_*_hardened: index patches by major kernel version
This will avoid breaking the build whenever a non-major kernel update
happens. In the update script, we map each kernel version to the latest
patch for the latest kernel version less than or equal to what we
have packaged.
2020-04-23 18:50:26 +01:00
Jörg Thalheim 6dfd563633
linux_latest-hardened: fix evaluation 2020-04-23 16:45:06 +01:00
Jörg Thalheim 1bceaa1cee
linux_hardened: fix evaluation 2020-04-23 15:52:14 +01:00
Tim Steinbach 45c22565f6
linux: 5.6.6 -> 5.6.7 2020-04-23 08:17:15 -04:00
Tim Steinbach 2f10053834
linux: 5.4.34 -> 5.4.35 2020-04-23 08:17:06 -04:00
Tim Steinbach 62a608fd63
linux: 4.19.117 -> 4.19.118 2020-04-23 08:16:58 -04:00
Frederik Rietdijk cff0669a48 Merge master into staging-next 2020-04-23 08:11:16 +02:00
Tim Steinbach 629068fe5b
linux_latest-libre: 17402 -> 17445 2020-04-22 19:40:01 -04:00
kraem fca903c7dd
linux/hardened-patches/4.19.117: init at 4.19.117.a 2020-04-22 02:12:28 +02:00
kraem 99f30a5635
linux/hardened-patches/5.4.34: init at 5.4.34.a 2020-04-22 02:12:25 +02:00
kraem 3c81b3df4e
linux/hardened-patches/5.5.19: init at 5.5.19.a 2020-04-22 02:12:21 +02:00
kraem c8b5e37764
linux/hardened-patches/5.6.6: init at 5.6.6.a 2020-04-22 02:12:17 +02:00
kraem efafc50f5c
linux/hardened-patches/4.19.116: remove 2020-04-21 22:18:03 +02:00
kraem 8f2e9fcadd
linux/hardened-patches/5.5.18: remove 2020-04-21 22:18:03 +02:00
kraem 9ed70f4e46
linux/hardened-patches/5.6.5: remove 2020-04-21 22:18:03 +02:00
kraem 15807c58ad
linux/hardened-patches/5.4.33: remove 2020-04-21 22:18:02 +02:00
kraem c9cf25bc61
linux: 5.6.5 -> 5.6.6 2020-04-21 21:59:59 +02:00
kraem 1e23dcbf22
linux: 5.5.18 -> 5.5.19 2020-04-21 21:59:22 +02:00
kraem 18c2b5a9aa
linux: 5.4.33 -> 5.4.34 2020-04-21 21:58:45 +02:00
kraem e074301be8
linux: 4.19.116 -> 4.19.117 2020-04-21 21:58:03 +02:00
Linus Heckemann 6673a4988e
gnupg: use libusb1 (#85374)
* gnupg: use libusb1

This fixes scdaemon's direct ccid support.

* systemd: fix gnupg-minimal
2020-04-21 08:35:40 +02:00
Frederik Rietdijk 803b3d296c Merge staging-next into staging 2020-04-21 08:29:51 +02:00
oxalica 7760cff5d7 util-linux: 2.33.2 -> 2.35.1 2020-04-21 08:12:29 +02:00
kraem 523fe98821 linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a 2020-04-20 10:05:36 -04:00
kraem 45343beffe linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a 2020-04-20 10:05:36 -04:00
kraem 48d908b731 linux/hardened-patches/5.5.18: init at 5.5.18.a 2020-04-20 10:05:36 -04:00
kraem 0fd9293703 linux/hardened-patches/5.6.5: init at 5.6.5.a 2020-04-20 10:05:36 -04:00
kraem e7a65e6c41 linux/hardened-patches/5.5.17: remove 2020-04-20 10:05:36 -04:00
kraem eb41f8122e linux/hardened-patches/5.6.4: remove 2020-04-20 10:05:36 -04:00
kraem 8879086cfc linux: 5.5.17 -> 5.5.18 2020-04-20 10:05:36 -04:00
kraem 4307923b86 linux: 5.6.4 -> 5.6.5 2020-04-20 10:05:36 -04:00
Yegor Timoshenko 6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Peter Simons 00222dbb0e bbswitch: fix build with Linux kernel version >= 5.6.0
Fixes https://github.com/NixOS/nixpkgs/issues/85564.
2020-04-19 16:25:48 +02:00
Maximilian Bosch 19de59a9be
Merge pull request #85334 from flokli/systemd-mainline2
systemd: 243.7 -> 245
2020-04-19 16:02:52 +02:00
Vladimír Čunát e233a9d4dd
Merge #84442: staging-next branch 2020-04-18 23:11:00 +02:00
John Ericson 1ea80c2cc3 Merge remote-tracking branch 'upstream/master' into staging 2020-04-18 15:40:49 -04:00
Jan Tojnar 09c4736405
Merge pull request #83755 from jtojnar/jcat-0.1 2020-04-18 20:38:24 +02:00
Mario Rodas e5dd52b99d
Merge pull request #85422 from marsam/update-lxc
lxc: 4.0.1 -> 4.0.2
2020-04-18 13:24:22 -05:00
Jan Tojnar 06e5800a73
fwupd: 1.3.9 → 1.4.0
https://github.com/fwupd/fwupd/releases/tag/1.4.0
2020-04-18 19:51:08 +02:00
Pavol Rusnak fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
Vladimír Čunát d96487b9ca
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
John Ericson cc880cd91f Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:50:55 -04:00