FS#44695 - [wpa_supplicant] CVE-2015-1863

Attached to Project: Arch Linux
Opened by Ingo Albrecht (indigo) - Wednesday, 22 April 2015, 23:18 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 24 April 2015, 18:47 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Thomas Bächler (brain0)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

Description:

A vulnerability, CVE-2015-1863, was found in wpa_supplicant (versions below 2.5) and confirmed upstream [1]. It could result in corrupted heap state, unexpected program behavior due to corrupted P2P peer device information, denial of service due to a wpa_supplicant process crash, exposure of memory contents during GO Negotiation, and potentially arbitrary code execution.

For mitigation until wpa_supplicant is updated, patches are linked in [1]; further, it is advised to rebuild with CONFIG_P2P disabled [2].

Additional info:
[1] http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
[2] https://projects.archlinux.org/svntogit/packages.git/tree/trunk/config?h=packages/wpa_supplicant#n471


Closed by Evangelos Foutras (foutrelis)
Friday, 24 April 2015, 18:47 GMT
Reason for closing: Fixed
Additional comments about closing: wpa_supplicant 2.4-1
Comment by Levente Polyak (anthraxx) - Thursday, 23 April 2015, 21:25 GMT
To be pedantic, it is not required to apply the patch *and* also disable CONFIG_P2P. Either of the two solutions mitigates the issue (as stated by the upstream advisory).
I recommend that it may make sense to go with the upstream recommendation to apply the provided patch rather than disabling P2P support at build time, as the patch resolves the issue.
Comment by Evangelos Foutras (foutrelis) - Friday, 24 April 2015, 02:58 GMT
wpa_supplicant-2.4-1 in [testing] includes the upstream patch for this.
Comment by Ingo Albrecht (indigo) - Friday, 24 April 2015, 11:59 GMT
Your pedantry with such is well received, anthraxx. You're right. The alternative mentioned by upstream is to disable the feature via (the undocumented) "p2p_disabled=1" configuration option per interface in .conf (switching p2p off/on at runtime with wpa_cli does not work apparently).

Thanks for patching, 2.4-1 works fine here.
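A check for the per-interface "p2p_disabled=1" workaround mentioned in this comment (the alternative to the CONFIG_P2P rebuild from the description), added here as an example; it is not part of the bug report or of wpa_supplicant itself. It reads only the global section of each .conf (skipping comments and network={} blocks) and reports whether the option is in effect; the sample config files and their contents are constructed.

```shell
# Check whether a wpa_supplicant .conf applies the per-interface
# "p2p_disabled=1" workaround. Returns 0 if in effect, 1 otherwise.
p2p_disabled_set() {
  awk '
    /^[[:space:]]*#/ { next }                                  # comment line
    /^[[:space:]]*network[[:space:]]*=[[:space:]]*[{]/ { depth++; next }
    depth > 0 && /^[[:space:]]*[}]/ { depth--; next }
    depth > 0 { next }                                         # inside network={}
    {
      line = $0; sub(/#.*/, "", line); gsub(/[[:space:]]/, "", line)
      # assumes a later global assignment overrides an earlier one
      if (line ~ /^p2p_disabled=/) state = (line == "p2p_disabled=1")
    }
    END { if (state) exit 0; exit 1 }
  ' "$1"
}

# Audit every .conf in a directory: one line per file, non-zero return if
# any file still leaves P2P enabled, so it can gate a deployment script.
audit_p2p() {
  rc=0
  for f in "$1"/*.conf; do
    [ -e "$f" ] || continue
    if p2p_disabled_set "$f"; then
      echo "OK   $f: p2p_disabled=1 set"
    else
      echo "WARN $f: P2P enabled; install the patched package or set p2p_disabled=1"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample configs (not from the bug report) for a stand-alone run.
demo_dir=$(mktemp -d)
cat > "$demo_dir/wlan0.conf" <<'EOF'
ctrl_interface=/run/wpa_supplicant
p2p_disabled=1   # workaround from the upstream advisory
network={
    ssid="home"
}
EOF
cat > "$demo_dir/wlan1.conf" <<'EOF'
# p2p_disabled=1   <- commented out, so P2P stays on for this interface
ctrl_interface=/run/wpa_supplicant
EOF
audit_p2p "$demo_dir" || echo "at least one interface still has P2P enabled"
rm -rf "$demo_dir"
```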
