← Back to team overview

desktop-packages team mailing list archive

[Bug 1512520] Re: New upstream release wpa 2.5


Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: wpa (Ubuntu)
       Status: New => Confirmed

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to wpa in Ubuntu.

  New upstream release wpa 2.5

Status in wpa package in Ubuntu:

Bug description:
  Upstream release 2.5 has come out recently, including a number of
  security bugfixes and additional channel selection and performance
  improvements to 5GHz networks. Please update to it :)


  2015-09-27 - v2.5
  	* fixed P2P validation of SSID element length before copying it
  	  [http://w1.fi/security/2015-1/] (CVE-2015-1863)
  	* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
  	  [http://w1.fi/security/2015-2/] (CVE-2015-4141)
  	* fixed WMM Action frame parser (AP mode)
  	  [http://w1.fi/security/2015-3/] (CVE-2015-4142)
  	* fixed EAP-pwd peer missing payload length validation
  	  (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
  	* fixed validation of WPS and P2P NFC NDEF record payload length
  	* nl80211:
  	  - added VHT configuration for IBSS
  	  - fixed vendor command handling to check OUI properly
  	  - allow driver-based roaming to change ESS
  	* added AVG_BEACON_RSSI to SIGNAL_POLL output
  	* wpa_cli: added tab completion for number of commands
  	* removed unmaintained and not yet completed SChannel/CryptoAPI support
  	* modified Extended Capabilities element use in Probe Request frames to
  	  include all cases if any of the values are non-zero
  	* added support for dynamically creating/removing a virtual interface
  	  with interface_add/interface_remove
  	* added support for hashed password (NtHash) in EAP-pwd peer
  	* added support for memory-only PSK/passphrase (mem_only_psk=1 and
  	* P2P
  	  - optimize scan frequencies list when re-joining a persistent group
  	  - fixed number of sequences with nl80211 P2P Device interface
  	  - added operating class 125 for P2P use cases (this allows 5 GHz
  	    channels 161 and 169 to be used if they are enabled in the current
  	    regulatory domain)
  	  - number of fixes to P2PS functionality
  	  - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
  	  - extended support for preferred channel listing
  	* D-Bus:
  	  - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
  	  - fixed PresenceRequest to use group interface
  	  - added new signals: FindStopped, WPS pbc-overlap,
  	    GroupFormationFailure, WPS timeout, InvitationReceived
  	  - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
  	  - added manufacturer info
  	* added EAP-EKE peer support for deriving Session-Id
  	* added wps_priority configuration parameter to set the default priority
  	  for all network profiles added by WPS
  	* added support to request a scan with specific SSIDs with the SCAN
  	  command (optional "ssid <hexdump>" arguments)
  	* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
  	* fixed SAE group selection in an error case
  	* modified SAE routines to be more robust and PWE generation to be
  	  stronger against timing attacks
  	* added support for Brainpool Elliptic Curves with SAE
  	* added support for CCMP-256 and GCMP-256 as group ciphers with FT
  	* fixed BSS selection based on estimated throughput
  	* added option to disable TLSv1.0 with OpenSSL
  	* added Fast Session Transfer (FST) module
  	* fixed OpenSSL PKCS#12 extra certificate handling
  	* fixed key derivation for Suite B 192-bit AKM (this breaks
  	  compatibility with the earlier version)
  	* added RSN IE to Mesh Peering Open/Confirm frames
  	* number of small fixes

To manage notifications about this bug go to: