Security update for wpa_supplicant SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2305-1 Final 1 1 2016-09-14T13:37:15Z current 2016-09-14T13:37:15Z 2016-09-14T13:37:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wpa_supplicant This update for wpa_supplicant fixes the following issues: - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077) - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. (bnc#930078) - CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079) - CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254) - CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2016-1351,SUSE-SLE-SERVER-12-SP1-2016-1351 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162305-1/ Link for SUSE-SU-2016:2305-1 https://lists.suse.com/pipermail/sle-security-updates/2016-September/002272.html E-Mail link for SUSE-SU-2016:2305-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/930077 SUSE Bug 930077 https://bugzilla.suse.com/930078 SUSE Bug 930078 https://bugzilla.suse.com/930079 SUSE Bug 930079 https://bugzilla.suse.com/937419 SUSE Bug 937419 https://bugzilla.suse.com/952254 SUSE Bug 952254 https://www.suse.com/security/cve/CVE-2015-4141/ SUSE CVE CVE-2015-4141 page https://www.suse.com/security/cve/CVE-2015-4142/ SUSE CVE CVE-2015-4142 page https://www.suse.com/security/cve/CVE-2015-4143/ SUSE CVE CVE-2015-4143 page https://www.suse.com/security/cve/CVE-2015-5310/ SUSE CVE CVE-2015-5310 page https://www.suse.com/security/cve/CVE-2015-8041/ SUSE CVE CVE-2015-8041 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 wpa_supplicant-2.2-14.2 wpa_supplicant-2.2-14.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 wpa_supplicant-2.2-14.2 as a component of SUSE Linux Enterprise Server 12 SP1 wpa_supplicant-2.2-14.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. CVE-2015-4141 SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162305-1/ https://www.suse.com/security/cve/CVE-2015-4141.html CVE-2015-4141 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/930077 SUSE Bug 930077 Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. CVE-2015-4142 SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162305-1/ https://www.suse.com/security/cve/CVE-2015-4142.html CVE-2015-4142 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/930078 SUSE Bug 930078 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. CVE-2015-4143 SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162305-1/ https://www.suse.com/security/cve/CVE-2015-4143.html CVE-2015-4143 https://bugzilla.suse.com/930079 SUSE Bug 930079 The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. CVE-2015-5310 SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2 moderate 3.3 AV:A/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162305-1/ https://www.suse.com/security/cve/CVE-2015-5310.html CVE-2015-5310 https://bugzilla.suse.com/952254 SUSE Bug 952254 https://bugzilla.suse.com/953115 SUSE Bug 953115 Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. CVE-2015-8041 SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162305-1/ https://www.suse.com/security/cve/CVE-2015-8041.html CVE-2015-8041 https://bugzilla.suse.com/937419 SUSE Bug 937419