| Summary: | security/wpa_supplicant - multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Sevan Janiyan <venture37> |
| Component: | Individual Port(s) | Assignee: | John Marino <marino> |
| Status: | Closed FIXED | | |
| Severity: | Affects Some People | CC: | junovitch, ports-secteam |
| Priority: | --- | Flags: | bugzilla: maintainer-feedback? (marino); junovitch: merge-quarterly+ |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Sevan Janiyan
2016-05-17 01:28:52 UTC
A commit references this bug:

Author: marino
Date: Thu May 19 21:12:08 UTC 2016
New revision: 415527
URL: https://svnweb.freebsd.org/changeset/ports/415527

Log:
  security/wpa_supplicant: Add security patch set 2016-1

  A vulnerability was found in how hostapd and wpa_supplicant write the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation (CVE-2016-4476) or through local configuration change over the wpa_supplicant control interface (CVE-2016-4477), the resulting configuration file may prevent the hostapd and wpa_supplicant from starting when the updated file is used. In addition for wpa_supplicant, it may be possible to load a local library file and execute code from there with the same privileges under which the wpa_supplicant process runs.

  These patches were developed upstream and published as a response to the security advisories CVE-2016-4476 and CVE-2016-4477.

  PR: 209564
  Requested by: Sevan Janiyan

Changes:
  head/security/wpa_supplicant/Makefile
  head/security/wpa_supplicant/files/patch-2016_1_1-WPS-Reject-a-Credential-with-invalid-passphrase
  head/security/wpa_supplicant/files/patch-2016_1_2-Reject-psk-parameter-set-with-invalid-passphrase-cha
  head/security/wpa_supplicant/files/patch-2016_1_3-Remove-newlines-from-wpa_supplicant-config-network-o
  head/security/wpa_supplicant/files/patch-2016_1_4-Reject-SET_CRED-commands-with-newline-characters-in
  head/security/wpa_supplicant/files/patch-2016_1_5-Reject-SET-commands-with-newline-characters-in-the-s

A commit references this bug:

Author: junovitch
Date: Fri May 20 01:22:32 UTC 2016
New revision: 415536
URL: https://svnweb.freebsd.org/changeset/ports/415536

Log:
  Document wpa_supplicant security advisory 2016-1

  PR: 209564
  Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
  Security: CVE-2016-4477
  Security: CVE-2016-4476
  Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: junovitch
Date: Fri May 20 01:23:57 UTC 2016
New revision: 415537
URL: https://svnweb.freebsd.org/changeset/ports/415537

Log:
  MFH: r415527

  security/wpa_supplicant: Add security patch set 2016-1

  A vulnerability was found in how hostapd and wpa_supplicant write the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation (CVE-2016-4476) or through local configuration change over the wpa_supplicant control interface (CVE-2016-4477), the resulting configuration file may prevent the hostapd and wpa_supplicant from starting when the updated file is used. In addition for wpa_supplicant, it may be possible to load a local library file and execute code from there with the same privileges under which the wpa_supplicant process runs.

  These patches were developed upstream and published as a response to the security advisories CVE-2016-4476 and CVE-2016-4477.

  PR: 209564
  Requested by: Sevan Janiyan
  Security: CVE-2016-4477
  Security: CVE-2016-4476
  Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html

  Approved by: ports-secteam (with hat)

Changes:
  _U branches/2016Q2/
  branches/2016Q2/security/wpa_supplicant/Makefile
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_1-WPS-Reject-a-Credential-with-invalid-passphrase
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_2-Reject-psk-parameter-set-with-invalid-passphrase-cha
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_3-Remove-newlines-from-wpa_supplicant-config-network-o
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_4-Reject-SET_CRED-commands-with-newline-characters-in
  branches/2016Q2/security/wpa_supplicant/files/patch-2016_1_5-Reject-SET-commands-with-newline-characters-in-the-s
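
The class of check named in the patch titles above (rejecting a passphrase that contains control characters before it is written to the configuration file), as an added example that is not code from the port or from upstream. All function names and the sample passphrase are constructed for illustration; the 8..63 byte limit is the WPA/WPA2 passphrase length range.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if buf holds an ASCII control byte (< 0x20 or 0x7f). */
static int has_control_byte(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (c < 0x20 || c == 0x7f)
            return 1;
    }
    return 0;
}

/* Unchecked writer: copies the passphrase into the config line verbatim. */
int write_psk_unchecked(char *out, size_t outlen, const char *pass)
{
    int n = snprintf(out, outlen, "\tpsk=\"%s\"\n", pass);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Checked writer: refuses passphrases outside 8..63 bytes or with control bytes. */
int write_psk_checked(char *out, size_t outlen, const char *pass)
{
    size_t len = strlen(pass);
    if (len < 8 || len > 63 || has_control_byte(pass, len))
        return -1;
    return write_psk_unchecked(out, outlen, pass);
}

/* Number of newline-terminated lines in a generated config fragment. */
int count_lines(const char *text)
{
    int lines = 0;
    for (; *text; text++)
        lines += (*text == '\n');
    return lines;
}

int main(void)
{
    char buf[256];
    const char *bad = "passphrase\nconstructed_extra_line=1"; /* constructed input */
    write_psk_unchecked(buf, sizeof(buf), bad);
    printf("unchecked writer produced %d config lines\n", count_lines(buf));
    printf("checked writer returned %d\n", write_psk_checked(buf, sizeof(buf), bad));
    return 0;
}
```

With the unchecked writer a single parameter value becomes more than one line of the configuration file; the checked writer rejects the value before anything is written.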