Created attachment 157334
net/hostapd: security update

Apply security patches from the following upstream security advisories:

2015-2 - WPS UPnP vulnerability with HTTP chunked transfer encoding
2015-3 - Integer underflow in AP mode WMM Action frame processing
2015-4 - EAP-pwd missing payload length validation

CVEs: CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146

Reference: http://openwall.com/lists/oss-security/2015/05/31/6

Created attachment 157336
Poudriere testport build logs from 10.1-RELEASE amd64

Also 'testport' build tested on the following releases (info from `poudriere jail -l`):

8.4-RELEASE-p28 amd64
8.4-RELEASE-p28 i386
9.3-RELEASE-p14 amd64
9.3-RELEASE-p14 i386
10.1-RELEASE-p10 amd64
10.1-RELEASE-p10 i386
11.0-CURRENT r282869 amd64
11.0-CURRENT r282869 i386

For maintainer, I am working a combined security/vuxml update as part of the PR for wpa_supplicant since they are from the same upstream.
The security/vuxml entry is in https://bugs.freebsd.org/200568. Given that advisory, the following would be valid for the commit message:

- Apply upstream patches for security advisories 2015-2, 2015-3, and 2015-4

PR: 200567
Security: bbc0db92-084c-11e5-bb90-002590263bf5
Security: CVE-2015-4141
Security: CVE-2015-4142
Security: CVE-2015-4143
Security: CVE-2015-4144
Security: CVE-2015-4145
Security: CVE-2015-4146
Submitted by: Jason Unovitch <jason unovitch gmail com>
MFH: 2015Q2

Comment on attachment 157334
net/hostapd: security update

Approved

Thanks for jumping on this! (I tried turning on the "maintainer approval" flag on the patch/attachment but it doesn't seem to work.)
A commit references this bug:

Author: marino
Date: Tue Jun 2 09:52:03 UTC 2015
New revision: 388314
URL: https://svnweb.freebsd.org/changeset/ports/388314

Log:
  net/hostapd: Address 3 latest security advisories

  These are combined upstream patches 2015-2, 2015-3, 2015-4
  They address the following security advisories:

  * CVE-2015-4141
  * CVE-2015-4142
  * CVE-2015-4143
  * CVE-2015-4144
  * CVE-2015-4145
  * CVE-2015-4146

  These advisories also apply to security/wpa_supplicant

  PR: 200567
  Submitted by: Jason Unovitch
  Approved by: maintainer (Craig Leres)

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/files/patch-src_ap_wmm.c
  head/net/hostapd/files/patch-src_eap__peer_eap__pwd.c
  head/net/hostapd/files/patch-src_eap__server_eap__server__pwd.c
  head/net/hostapd/files/patch-src_wps_httpread.c

Thanks!