ChangeLog for: 2017-10-18 19:21:18
ap/cups-2.2.5-x86_64-1.txz:  Upgraded.
n/wpa_supplicant-2.6-x86_64-2.txz:  Rebuilt.
  This update includes patches to mitigate the WPA2 protocol issues known
  as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data,
  hijack TCP connections, and to forge and inject packets. This is the
  list of vulnerabilities that are addressed here:
  CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the
    4-way handshake.
  CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way
    handshake.
  CVE-2017-13080: Reinstallation of the group key (GTK) in the group key
    handshake.
  CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group
    key handshake.
  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)
    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)
    while processing it.
  CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake.
  CVE-2017-13087: Reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame.
  CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  For more information, see:
    https://www.krackattacks.com/
    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
  (* Security fix *)
x/libXfont2-2.0.2-x86_64-1.txz:  Upgraded.
  This update is a collection of minor fixes since 2.0.1, including
  CVE-2017-13720 and CVE-2017-13722.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722
  (* Security fix *)
x/libXres-1.2.0-x86_64-1.txz:  Upgraded.
  Integer overflows may allow X servers to trigger allocation of insufficient
  memory and a buffer overflow via vectors related to the (1)
  XResQueryClients and (2) XResQueryClientResources functions.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
  (* Security fix *)
x/xorg-server-1.19.5-x86_64-1.txz:  Upgraded.
  This update fixes integer overflows and other possible security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187
  (* Security fix *)
x/xorg-server-xephyr-1.19.5-x86_64-1.txz:  Upgraded.
x/xorg-server-xnest-1.19.5-x86_64-1.txz:  Upgraded.
x/xorg-server-xvfb-1.19.5-x86_64-1.txz:  Upgraded.