openSUSE Security Update: Security update for hostapd
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0222-1
Rating:             moderate
References:         #1056061 
Cross-References:   CVE-2017-13082 CVE-2019-9494 CVE-2019-9495
                    CVE-2019-9496 CVE-2019-9497 CVE-2019-9498
                    CVE-2019-9499
Affected Products:
                    openSUSE Leap 15.1
                    openSUSE Backports SLE-15-SP1
                    openSUSE Backports SLE-15
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for hostapd fixes the following issues:

   hostapd was updated to version 2.9:

   * SAE changes
     - disable use of groups using Brainpool curves
     - improved protection against side channel attacks
       [https://w1.fi/security/2019-6/
   * EAP-pwd changes
     - disable use of groups using Brainpool curves
     - improved protection against side channel attacks
       [https://w1.fi/security/2019-6/
   * fixed FT-EAP initial mobility domain association using PMKSA caching
   * added configuration of airtime policy
   * fixed FILS to and RSNE into (Re)Association Response frames
   * fixed DPP bootstrapping URI parser of channel list
   * added support for regulatory WMM limitation (for ETSI)
   * added support for MACsec Key Agreement using IEEE 802.1X/PSK
   * added experimental support for EAP-TEAP server (RFC 7170)
   * added experimental support for EAP-TLS server with TLS v1.3
   * added support for two server certificates/keys (RSA/ECC)
   * added AKMSuiteSelector into "STA " control interface data to
     determine with AKM was used for an association
   * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
     fast reauthentication use to be disabled
   * fixed an ECDH operation corner case with OpenSSL

   Update to version 2.8
   * SAE changes
     - added support for SAE Password Identifier
     - changed default configuration to enable only group 19 (i.e., disable
       groups 20, 21, 25, 26 from default configuration) and disable all
       unsuitable groups completely based on REVmd changes
     - improved anti-clogging token mechanism and SAE authentication frame
       processing during heavy CPU load; this mitigates some issues with
       potential DoS attacks trying to flood an AP with large number
       of SAE messages
     - added Finite Cyclic Group field in status code 77 responses
     - reject use of unsuitable groups based on new implementation guidance
       in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups
       with prime >= 256)
     - minimize timing and memory use differences in PWE derivation
       [https://w1.fi/security/2019-1/ (CVE-2019-9494)
     - fixed confirm message validation in error cases
       [https://w1.fi/security/2019-3/ (CVE-2019-9496)
   * EAP-pwd changes
     - minimize timing and memory use differences in PWE derivation
       [https://w1.fi/security/2019-2/ (CVE-2019-9495)
     - verify peer scalar/element [https://w1.fi/security/2019-4/
       (CVE-2019-9497 and CVE-2019-9498)
     - fix message reassembly issue with unexpected fragment
       [https://w1.fi/security/2019-5/
     - enforce rand,mask generation rules more strictly
     - fix a memory leak in PWE derivation
     - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)
   * Hotspot 2.0 changes
     - added support for release number 3
     - reject release 2 or newer association without PMF
   * added support for RSN operating channel validation (CONFIG_OCV=y and
     configuration parameter ocv=1)
   * added Multi-AP protocol support
   * added FTM responder configuration
   * fixed build with LibreSSL
   * added FT/RRB workaround for short Ethernet frame padding
   * fixed KEK2 derivation for FILS+FT
   * added RSSI-based association rejection from OCE
   * extended beacon reporting functionality
   * VLAN changes
     - allow local VLAN management with remote RADIUS authentication
     - add WPA/WPA2 passphrase/PSK -based VLAN assignment
   * OpenSSL: allow systemwide policies to be overridden
   * extended PEAP to derive EMSK to enable use with ERP/FILS
   * extended WPS to allow SAE configuration to be added automatically for
     PSK (wps_cred_add_sae=1)
   * fixed FT and SA Query Action frame with AP-MLME-in-driver cases
   * OWE: allow Diffie-Hellman Parameter element to be included with DPP in
     preparation for DPP protocol extension
   * RADIUS server: started to accept ERP keyName-NAI as user identity
     automatically without matching EAP database entry
   * fixed PTK rekeying with FILS and FT

   wpa_supplicant:
   * SAE changes
     - added support for SAE Password Identifier
     - changed default configuration to enable only groups 19, 20, 21 (i.e.,
       disable groups 25 and 26) and disable all unsuitable groups completely
       based on REVmd changes
     - do not regenerate PWE unnecessarily when the AP uses the anti-clogging
       token mechanisms
     - fixed some association cases where both SAE and FT-SAE were enabled
       on both the station and the selected AP
     - started to prefer FT-SAE over SAE AKM if both are enabled
     - started to prefer FT-SAE over FT-PSK if both are enabled
     - fixed FT-SAE when SAE PMKSA caching is used
     - reject use of unsuitable groups based on new implementation guidance
       in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups
       with prime >= 256)
     - minimize timing and memory use differences in PWE derivation
       [https://w1.fi/security/2019-1/ (CVE-2019-9494)
   * EAP-pwd changes
     - minimize timing and memory use differences in PWE derivation
       [https://w1.fi/security/2019-2/ (CVE-2019-9495)
     - verify server scalar/element [https://w1.fi/security/2019-4/
       (CVE-2019-9499)
     - fix message reassembly issue with unexpected fragment
       [https://w1.fi/security/2019-5/
     - enforce rand,mask generation rules more strictly
     - fix a memory leak in PWE derivation
     - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)
   * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
   * Hotspot 2.0 changes
     - do not indicate release number that is higher than the one AP supports
     - added support for release number 3
     - enable PMF automatically for network profiles created from credentials
   * fixed OWE network profile saving
   * fixed DPP network profile saving
   * added support for RSN operating channel validation (CONFIG_OCV=y and
     network profile parameter ocv=1)
   * added Multi-AP backhaul STA support
   * fixed build with LibreSSL
   * number of MKA/MACsec fixes and extensions
   * extended domain_match and domain_suffix_match to allow list of values
   * fixed dNSName matching in domain_match and domain_suffix_match when
     using wolfSSL
   * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are
     enabled
   * extended nl80211 Connect and external authentication to support SAE,
     FT-SAE, FT-EAP-SHA384
   * fixed KEK2 derivation for FILS+FT
   * extended client_cert file to allow loading of a chain of PEM encoded
     certificates
   * extended beacon reporting functionality
   * extended D-Bus interface with number of new properties
   * fixed a regression in FT-over-DS with mac80211-based drivers
   * OpenSSL: allow systemwide policies to be overridden
   * extended driver flags indication for separate 802.1X and PSK 4-way
     handshake offload capability
   * added support for random P2P Device/Interface Address use
   * extended PEAP to derive EMSK to enable use with ERP/FILS
   * extended WPS to allow SAE configuration to be added automatically for
     PSK (wps_cred_add_sae=1)
   * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
   * extended domain_match and domain_suffix_match to allow list of values
   * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP
     KeyID using incorrect byte order
   * fixed PTK rekeying with FILS and FT

   - Enabled CLI editing and history support.

   Update to version 2.7

   * fixed WPA packet number reuse with replayed messages and key
     reinstallation [http://w1.fi/security/2017-1/ (CVE-2017-13082)
     (boo#1056061)
   * added support for FILS (IEEE 802.11ai) shared key authentication
   * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and
     transition mode defined by WFA)
   * added support for DPP (Wi-Fi Device Provisioning Protocol)
   * FT:
     - added local generation of PMK-R0/PMK-R1 for FT-PSK
       (ft_psk_generate_local=1)
     - replaced inter-AP protocol with a cleaner design that is more easily
       extensible; this breaks backward compatibility and requires all APs in
       the ESS to be updated at the same time to maintain FT functionality
     - added support for wildcard R0KH/R1KH
     - replaced r0_key_lifetime (minutes) parameter with ft_r0_key_lifetime
       (seconds)
     - fixed wpa_psk_file use for FT-PSK
     - fixed FT-SAE PMKID matching
     - added expiration to PMK-R0 and PMK-R1 cache
     - added IEEE VLAN support (including tagged VLANs)
     - added support for SHA384 based AKM
   * SAE
     - fixed some PMKSA caching cases with SAE
     - added support for configuring SAE password separately of the WPA2
       PSK/passphrase
     - added option to require MFP for SAE associations (sae_require_pmf=1)
     - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for
       SAE; note: this is not backwards compatible, i.e., both the AP and
       station side implementations will need to be update at the same time
       to maintain interoperability
     - added support for Password Identifier
   * hostapd_cli: added support for command history and completion
   * added support for requesting beacon report
   * large number of other fixes, cleanup, and extensions
   * added option to configure EAPOL-Key retry limits (wpa_group_update_count
     and wpa_pairwise_update_count)
   * removed all PeerKey functionality
   * fixed nl80211 AP mode configuration regression with Linux 4.15 and newer
   * added support for using wolfSSL cryptographic library
   * fixed some 20/40 MHz coexistence cases where the BSS could drop to 20
     MHz even when 40 MHz would be allowed
   * Hotspot 2.0
     - added support for setting Venue URL ANQP-element (venue_url)
     - added support for advertising Hotspot 2.0 operator icons
     - added support for Roaming Consortium Selection element
     - added support for Terms and Conditions
     - added support for OSEN connection in a shared RSN BSS
   * added support for using OpenSSL 1.1.1
   * added EAP-pwd server support for salted passwords


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2020-222=1

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2020-222=1

   - openSUSE Backports SLE-15:

      zypper in -t patch openSUSE-2020-222=1



Package List:

   - openSUSE Leap 15.1 (x86_64):

      hostapd-2.9-lp151.4.3.1
      hostapd-debuginfo-2.9-lp151.4.3.1
      hostapd-debugsource-2.9-lp151.4.3.1

   - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

      hostapd-2.9-bp151.5.3.1

   - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

      hostapd-2.9-bp150.15.1
      hostapd-debuginfo-2.9-bp150.15.1
      hostapd-debugsource-2.9-bp150.15.1


References:

   https://www.suse.com/security/cve/CVE-2017-13082.html
   https://www.suse.com/security/cve/CVE-2019-9494.html
   https://www.suse.com/security/cve/CVE-2019-9495.html
   https://www.suse.com/security/cve/CVE-2019-9496.html
   https://www.suse.com/security/cve/CVE-2019-9497.html
   https://www.suse.com/security/cve/CVE-2019-9498.html
   https://www.suse.com/security/cve/CVE-2019-9499.html
   https://bugzilla.suse.com/1056061

--