This bug was fixed in the package wpa - 2:2.6-15ubuntu1
---------------
wpa (2:2.6-15ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
- debian/patches/android_hal_fw_path_change.patch: add a DBus method
for requesting a firmware change when working with the Android HAL;
this is used to set a device in P2P or AP mode; conditional to
CONFIG_ANDROID_HAL being enabled.
- debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
- debian/control: Build-Depends on android-headers to get the required
wifi headers for the HAL support.
- debian/patches/dbus-available-sta.patch: Make the list of connected
stations available on DBus for hotspot mode; along with some of the
station properties, such as rx/tx packets, bytes, capabilities, etc.
* Updated debian/patches/dbus-available-sta.patch for new getter API
and refreshed other patches.
wpa (2:2.6-15) unstable; urgency=medium
* Update debian/control:
- Update Maintainer field to point to $pack...@packages.debian.org
- Update Vcs-* fields to point to salsa.d.o
- Drop no longer active uploaders.
wpa (2:2.6-14) unstable; urgency=medium
* Replace the PEM fix patch by Lukasz Siudut with an upstream patch.
Thanks to David Benjamin <david...@google.com>.
* Apply patches from Beniamino Galvani:
- Fix race condition in detecting MAC address change
- Update MAC address when driver detects a change
* Disable WNM to resolve a compatibility issue with wl.
Thanks to YOSHINO Yoshihito <yy.y.ja...@gmail.com>.
Hopefully really closes: #833507.
wpa (2:2.6-13) unstable; urgency=medium
* Fix a typo in functions.sh (Closes: #883659).
wpa (2:2.6-12) unstable; urgency=medium
* Add wl to the blacklist for MAC randomisation. (Closes: #833507)
* Blacklist an out-of-tree driver for Realtek RTL8188EU too.
wpa (2:2.6-11) unstable; urgency=medium
* Unbreak EAP-TLS.
Thanks to Dmitry Borodaenko <angdr...@debian.org>
wpa (2:2.6-10) unstable; urgency=medium
* Mask hostapd every time it has no valid configuration.
wpa (2:2.6-9) unstable; urgency=medium
* Tell NetworkManager to not touch MAC addresses on unsupported drivers.
Hopefully, this will fix #849077.
wpa (2:2.6-8) unstable; urgency=medium
* Revert "Build wpa_supplicant with interface matching support."
(Closes: #882716).
* Drop override_dh_builddeb.
* Use dh 10.
* Prevent hostapd from failing on the package install when there
isn't a valid configuration file yet (Closes: #882740):
- Don't enable hostapd.service by default.
- Mask hostapd.service on the first install.
wpa (2:2.6-7) unstable; urgency=medium
* Upload to unstable.
* Optional AP side workaround for key reinstallation attacks (LP: #1730399).
wpa (2:2.6-6) experimental; urgency=medium
[ Reiner Herrmann ]
* Port wpa_gui to Qt5 (Closes: #875233).
[ Andrew Shadura ]
* Add a service file for hostapd.
* Build wpa_supplicant with interface matching support (Closes: #879208).
[ Benedikt Wildenhain (BO) ]
* Install wpa_supplicant-wired@.service (Closes: #871488).
[ Jan-Benedict Glaw ]
* Consider all ifupdown configuration, not only /etc/network/interfaces
(Closes: #853293).
wpa (2:2.6-5) experimental; urgency=medium
[ Yves-Alexis Perez ]
* Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
- hostapd: Avoid key reinstallation in FT handshake
- Prevent reinstallation of an already in-use group key
- Extend protection of GTK/IGTK reinstallation of
- Fix TK configuration to the driver in EAPOL-Key 3/4
- Prevent installation of an all-zero TK
- Fix PTK rekeying to generate a new ANonce
- TDLS: Reject TPK-TK reconfiguration
- WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
- WNM: Ignore WNM-Sleep Mode Response without pending
- FT: Do not allow multiple Reassociation Response frames
- TDLS: Ignore incoming TDLS Setup Response retries
wpa (2:2.6-4) experimental; urgency=medium
* Upload to experimental.
* Bump the epoch to 2:, as the upload to unstable had to bump epoch.
-- Julian Andres Klode <juli...@ubuntu.com> Thu, 18 Jan 2018 19:47:17
+0100
** Changed in: wpa (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13078
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13079
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13080
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13081
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13082
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13086
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13087
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13088
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1730399
Title:
Add krackattacks mitigation
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1730399/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
