Bug 200567 - net/hostapd: [security] multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: John Marino
Reported: 2015-06-01 10:12 UTC by Jason Unovitch
Modified: 2015-06-02 09:53 UTC
marino: maintainer-feedback+


Attachments
net/hostapd: security update (8.15 KB, patch)
2015-06-01 10:12 UTC, Jason Unovitch
Poudriere testport build logs from 10.1-RELEASE amd64 (14.54 KB, text/x-log)
2015-06-01 10:13 UTC, Jason Unovitch

Description Jason Unovitch freebsd_committer freebsd_triage 2015-06-01 10:12:52 UTC
Created attachment 157334
net/hostapd: security update

Apply security patches from the following upstream security advisories:

2015-2 - WPS UPnP vulnerability with HTTP chunked transfer encoding
2015-3 - Integer underflow in AP mode WMM Action frame processing
2015-4 - EAP-pwd missing payload length validation

CVEs:

CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146

Reference:

http://openwall.com/lists/oss-security/2015/05/31/6
Comment 1 Jason Unovitch freebsd_committer freebsd_triage 2015-06-01 10:13:55 UTC
Created attachment 157336
Poudriere testport build logs from 10.1-RELEASE amd64

Also 'testport' build tested on the following releases (info from `poudriere jail -l`)
8.4-RELEASE-p28      amd64
8.4-RELEASE-p28      i386
9.3-RELEASE-p14      amd64
9.3-RELEASE-p14      i386
10.1-RELEASE-p10     amd64
10.1-RELEASE-p10     i386
11.0-CURRENT r282869 amd64
11.0-CURRENT r282869 i386
Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2015-06-01 10:14:38 UTC
For maintainer, I am working a combined security/vuxml update as part of the PR for wpa_supplicant since they are from the same upstream.
Comment 3 Jason Unovitch freebsd_committer freebsd_triage 2015-06-01 11:21:49 UTC
The security/vuxml entry is in https://bugs.freebsd.org/200568. Given that advisory, the following would be valid for the commit message:

- Apply upstream patches for security advisories 2015-2, 2015-3, and 2015-4

PR:		200567
Security:	bbc0db92-084c-11e5-bb90-002590263bf5
Security:	CVE-2015-4141
Security:	CVE-2015-4142
Security:	CVE-2015-4143
Security:	CVE-2015-4144
Security:	CVE-2015-4145
Security:	CVE-2015-4146
Submitted by:	Jason Unovitch <jason unovitch gmail com>
MFH:		2015Q2
Comment 4 Craig Leres freebsd_committer freebsd_triage 2015-06-02 01:37:01 UTC
Comment on attachment 157334
net/hostapd: security update

Approved
Comment 5 Craig Leres freebsd_committer freebsd_triage 2015-06-02 01:38:24 UTC
Thanks for jumping on this!

(I tried turning on the "maintainer approval" flag on the patch/attachment but it doesn't seem to work.)
Comment 6 commit-hook freebsd_committer freebsd_triage 2015-06-02 09:53:00 UTC
A commit references this bug:

Author: marino
Date: Tue Jun  2 09:52:03 UTC 2015
New revision: 388314
URL: https://svnweb.freebsd.org/changeset/ports/388314

Log:
  net/hostapd: Address 3 latest security advisories

  These are combined upstream patches 2015-2, 2015-3, 2015-4
  They address the following security advisories:

    * CVE-2015-4141
    * CVE-2015-4142
    * CVE-2015-4143
    * CVE-2015-4144
    * CVE-2015-4145
    * CVE-2015-4146

  These advisories also apply to security/wpa_supplicant

  PR:		200567
  Submitted by:	Jason Unovitch
  Approved by:	maintainer (Craig Leres)

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/files/patch-src_ap_wmm.c
  head/net/hostapd/files/patch-src_eap__peer_eap__pwd.c
  head/net/hostapd/files/patch-src_eap__server_eap__server__pwd.c
  head/net/hostapd/files/patch-src_wps_httpread.c
Comment 7 John Marino freebsd_committer freebsd_triage 2015-06-02 09:53:42 UTC
Thanks!