wpasupplicant nonce vulnerability (DSA-3999-1)

Asked by Aardvark Llama

wpasupplicant nonce vulnerability (DSA-3999-1):

In Mitre's CVE dictionary the following vulnerabilities for wpa clients have been identified: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

Details from the Debian Security Advisory is here https://www.debian.org/security/2017/dsa-3999

As the Debian wpasupplicant Maintainers have already provided a patch:

For the oldstable distribution (jessie), these problems have been fixed in version 2.3-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.
For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1.
For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1.

When is this going to be merged into the Ubuntu package set?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu wpa Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug.

Revision history for this message
Bashing-om (bashing-om) said :
#2

Aardvark Llama; Hello;

Patched presently ?
The following packages will be upgraded: dkms wpasupplicant

Revision history for this message
Best Manfred Hampl (m-hampl) said :
#3
Revision history for this message
Aardvark Llama (anisotropy9) said :
#4

Having reviewed the patch diffs for 17.10 and 16.04, the fix has been applied. So all is good.

Revision history for this message
Aardvark Llama (anisotropy9) said :
#5

Thanks Manfred Hampl, that solved my question.