desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #146982
[Bug 1512520] [NEW] New upstream release wpa 2.5
Public bug reported:
Upstream release 2.5 has come out recently, including a number of
security bugfixes and additional channel selection and performance
improvements to 5GHz networks. Please update to it :)
Changelog:
2015-09-27 - v2.5
* fixed P2P validation of SSID element length before copying it
[http://w1.fi/security/2015-1/] (CVE-2015-1863)
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
[http://w1.fi/security/2015-2/] (CVE-2015-4141)
* fixed WMM Action frame parser (AP mode)
[http://w1.fi/security/2015-3/] (CVE-2015-4142)
* fixed EAP-pwd peer missing payload length validation
[http://w1.fi/security/2015-4/]
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
* fixed validation of WPS and P2P NFC NDEF record payload length
[http://w1.fi/security/2015-5/]
* nl80211:
- added VHT configuration for IBSS
- fixed vendor command handling to check OUI properly
- allow driver-based roaming to change ESS
* added AVG_BEACON_RSSI to SIGNAL_POLL output
* wpa_cli: added tab completion for number of commands
* removed unmaintained and not yet completed SChannel/CryptoAPI support
* modified Extended Capabilities element use in Probe Request frames to
include all cases if any of the values are non-zero
* added support for dynamically creating/removing a virtual interface
with interface_add/interface_remove
* added support for hashed password (NtHash) in EAP-pwd peer
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
CTRL-REQ/RSP-PSK_PASSPHRASE)
* P2P
- optimize scan frequencies list when re-joining a persistent group
- fixed number of sequences with nl80211 P2P Device interface
- added operating class 125 for P2P use cases (this allows 5 GHz
channels 161 and 169 to be used if they are enabled in the current
regulatory domain)
- number of fixes to P2PS functionality
- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
- extended support for preferred channel listing
* D-Bus:
- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
- fixed PresenceRequest to use group interface
- added new signals: FindStopped, WPS pbc-overlap,
GroupFormationFailure, WPS timeout, InvitationReceived
- added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
- added manufacturer info
* added EAP-EKE peer support for deriving Session-Id
* added wps_priority configuration parameter to set the default priority
for all network profiles added by WPS
* added support to request a scan with specific SSIDs with the SCAN
command (optional "ssid <hexdump>" arguments)
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
* fixed SAE group selection in an error case
* modified SAE routines to be more robust and PWE generation to be
stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
* fixed BSS selection based on estimated throughput
* added option to disable TLSv1.0 with OpenSSL
(phase1="tls_disable_tlsv1_0=1")
* added Fast Session Transfer (FST) module
* fixed OpenSSL PKCS#12 extra certificate handling
* fixed key derivation for Suite B 192-bit AKM (this breaks
compatibility with the earlier version)
* added RSN IE to Mesh Peering Open/Confirm frames
* number of small fixes
** Affects: wpa (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to wpa in Ubuntu.
https://bugs.launchpad.net/bugs/1512520
Title:
New upstream release wpa 2.5
Status in wpa package in Ubuntu:
New
Bug description:
Upstream release 2.5 has come out recently, including a number of
security bugfixes and additional channel selection and performance
improvements to 5GHz networks. Please update to it :)
Changelog:
2015-09-27 - v2.5
* fixed P2P validation of SSID element length before copying it
[http://w1.fi/security/2015-1/] (CVE-2015-1863)
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
[http://w1.fi/security/2015-2/] (CVE-2015-4141)
* fixed WMM Action frame parser (AP mode)
[http://w1.fi/security/2015-3/] (CVE-2015-4142)
* fixed EAP-pwd peer missing payload length validation
[http://w1.fi/security/2015-4/]
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
* fixed validation of WPS and P2P NFC NDEF record payload length
[http://w1.fi/security/2015-5/]
* nl80211:
- added VHT configuration for IBSS
- fixed vendor command handling to check OUI properly
- allow driver-based roaming to change ESS
* added AVG_BEACON_RSSI to SIGNAL_POLL output
* wpa_cli: added tab completion for number of commands
* removed unmaintained and not yet completed SChannel/CryptoAPI support
* modified Extended Capabilities element use in Probe Request frames to
include all cases if any of the values are non-zero
* added support for dynamically creating/removing a virtual interface
with interface_add/interface_remove
* added support for hashed password (NtHash) in EAP-pwd peer
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
CTRL-REQ/RSP-PSK_PASSPHRASE)
* P2P
- optimize scan frequencies list when re-joining a persistent group
- fixed number of sequences with nl80211 P2P Device interface
- added operating class 125 for P2P use cases (this allows 5 GHz
channels 161 and 169 to be used if they are enabled in the current
regulatory domain)
- number of fixes to P2PS functionality
- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
- extended support for preferred channel listing
* D-Bus:
- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
- fixed PresenceRequest to use group interface
- added new signals: FindStopped, WPS pbc-overlap,
GroupFormationFailure, WPS timeout, InvitationReceived
- added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
- added manufacturer info
* added EAP-EKE peer support for deriving Session-Id
* added wps_priority configuration parameter to set the default priority
for all network profiles added by WPS
* added support to request a scan with specific SSIDs with the SCAN
command (optional "ssid <hexdump>" arguments)
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
* fixed SAE group selection in an error case
* modified SAE routines to be more robust and PWE generation to be
stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
* fixed BSS selection based on estimated throughput
* added option to disable TLSv1.0 with OpenSSL
(phase1="tls_disable_tlsv1_0=1")
* added Fast Session Transfer (FST) module
* fixed OpenSSL PKCS#12 extra certificate handling
* fixed key derivation for Suite B 192-bit AKM (this breaks
compatibility with the earlier version)
* added RSN IE to Mesh Peering Open/Confirm frames
* number of small fixes
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1512520/+subscriptions
Follow ups