Bug 209564

Summary: security/wpa_supplicant - multiple vulnerabilities
Product: Ports & Packages Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)Assignee: John Marino <marino>
Status: Closed FIXED    
Severity: Affects Some People CC: junovitch, ports-secteam
Priority: --- Flags: bugzilla: maintainer-feedback? (marino)
junovitch: merge-quarterly+
Version: Latest   
Hardware: Any   
OS: Any   

Comment 1 commit-hook freebsd_committer freebsd_triage 2016-05-19 21:12:35 UTC
A commit references this bug:

Author: marino
Date: Thu May 19 21:12:08 UTC 2016
New revision: 415527
URL: https://svnweb.freebsd.org/changeset/ports/415527

Log:
  security/wpa_supplicant: Add security patch set 2016-1

  A vulnerability was found in how hostapd and wpa_supplicant writes the
  configuration file update for the WPA/WPA2 passphrase parameter. If this
  parameter has been updated to include control characters either through
  a WPS operation (CVE-2016-4476) or through local configuration change
  over the wpa_supplicant control interface (CVE-2016-4477), the resulting
  configuration file may prevent the hostapd and wpa_supplicant from
  starting when the updated file is used. In addition for wpa_supplicant,
  it may be possible to load a local library file and execute code from
  there with the same privileges under which the wpa_supplicant process
  runs.

  These patches were developed upstream and published as a response
  to the security advisories CVE-2016-4476 and CVE-2016-4477.

  PR:		209564
  Requested by:	Sevan Janiyan

Changes:
  head/security/wpa_supplicant/Makefile
  head/security/wpa_supplicant/files/patch-2016_1_1-WPS-Reject-a-Credential-with-invalid-passphrase
  head/security/wpa_supplicant/files/patch-2016_1_2-Reject-psk-parameter-set-with-invalid-passphrase-cha
  head/security/wpa_supplicant/files/patch-2016_1_3-Remove-newlines-from-wpa_supplicant-config-network-o
  head/security/wpa_supplicant/files/patch-2016_1_4-Reject-SET_CRED-commands-with-newline-characters-in
  head/security/wpa_supplicant/files/patch-2016_1_5-Reject-SET-commands-with-newline-characters-in-the-s
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-05-20 01:23:07 UTC
A commit references this bug:

Author: junovitch
Date: Fri May 20 01:22:32 UTC 2016
New revision: 415536
URL: https://svnweb.freebsd.org/changeset/ports/415536

Log:
  Document wpa_supplicant security advisory 2016-1

  PR:		209564
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2016-4477
  Security:	CVE-2016-4476
  Security:	https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-05-20 01:24:08 UTC
A commit references this bug:

Author: junovitch
Date: Fri May 20 01:23:57 UTC 2016
New revision: 415537
URL: https://svnweb.freebsd.org/changeset/ports/415537

Log:
  MFH: r415527

  security/wpa_supplicant: Add security patch set 2016-1

  A vulnerability was found in how hostapd and wpa_supplicant writes the
  configuration file update for the WPA/WPA2 passphrase parameter. If this
  parameter has been updated to include control characters either through
  a WPS operation (CVE-2016-4476) or through local configuration change
  over the wpa_supplicant control interface (CVE-2016-4477), the resulting
  configuration file may prevent the hostapd and wpa_supplicant from
  starting when the updated file is used. In addition for wpa_supplicant,
  it may be possible to load a local library file and execute code from
  there with the same privileges under which the wpa_supplicant process
  runs.

  These patches were developed upstream and published as a response
  to the security advisories CVE-2016-4476 and CVE-2016-4477.

  PR:		209564
  Requested by:	Sevan Janiyan
  Security:	CVE-2016-4477
  Security:	CVE-2016-4476
  Security:	https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/security/wpa_supplicant/Makefile
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_1-WPS-Reject-a-Credential-with-invalid-passphrase
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_2-Reject-psk-parameter-set-with-invalid-passphrase-cha
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_3-Remove-newlines-from-wpa_supplicant-config-network-o
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_4-Reject-SET_CRED-commands-with-newline-characters-in
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_5-Reject-SET-commands-with-newline-characters-in-the-s