| Message ID | 20240305155921.1818567-2-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/2] package/ell: bump to version 0.63 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2023-52161: The Access Point functionality in > eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before > 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi > network. An attacker can complete the EAPOL handshake by skipping Msg2/4 > and instead sending Msg4/4 with an all-zero key. > https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=2.16 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2023-52161: The Access Point functionality in > eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before > 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi > network. An attacker can complete the EAPOL handshake by skipping Msg2/4 > and instead sending Msg4/4 with an all-zero key. > https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=2.16 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2024.02.x, 2023.02.x and 2023.11.x, thanks.
diff --git a/package/iwd/iwd.hash b/package/iwd/iwd.hash index 4eea644842..3f18146e13 100644 --- a/package/iwd/iwd.hash +++ b/package/iwd/iwd.hash @@ -1,5 +1,5 @@ # From https://mirrors.edge.kernel.org/pub/linux/network/wireless/sha256sums.asc -sha256 f7ac93aeef672604f5b5194ca038035ae222925be392c4345873c9742f477797 iwd-2.6.tar.xz +sha256 c1a82032e994861e794cf3b5a16d07ae1aa03a6674f716c73408ffeae2a233ba iwd-2.16.tar.xz # License files sha256 ec60b993835e2c6b79e6d9226345f4e614e686eb57dc13b6420c15a33a8996e5 COPYING diff --git a/package/iwd/iwd.mk b/package/iwd/iwd.mk index f20427114b..af6b2f849a 100644 --- a/package/iwd/iwd.mk +++ b/package/iwd/iwd.mk @@ -4,7 +4,7 @@ # ################################################################################ -IWD_VERSION = 2.6 +IWD_VERSION = 2.16 IWD_SOURCE = iwd-$(IWD_VERSION).tar.xz IWD_SITE = $(BR2_KERNEL_MIRROR)/linux/network/wireless IWD_LICENSE = LGPL-2.1+
Fix CVE-2023-52161: The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key. https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=2.16 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/iwd/iwd.hash | 2 +- package/iwd/iwd.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)