WPA packet number reuse with replayed messages and key reinstallation. Effect on all our supporting release.
All our supporting releases need those fixes.
WPA packet number reuse with replayed messages and key reinstallation
A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.
The patches have been pushed to GitHub
https://github.com/WindRiver-OpenSourceLabs/oe-core/commit/93ce223a5865b0d9de5f5daab7ae1871dd5aee5e
https://github.com/WindRiver-OpenSourceLabs/meta-openembedded/commit/3f8175a1bb8d179e00f62e08cae44014f6c60239
Several upgrading related packages are also upgraded, so before system upgrade, they should be upgraded firstly. In each container:
# smart upgrade overc-utils overc-system-agent dom0-contctl dtach
Please note, not all these packages above exist in all containers, so
there should be some warning messages as below, it is hramless.
...
'overc-system-agent' matches no installed packages
'dom0-contctl' matches no installed packages
...
After upgrade those tool packages, we can start to upgrade whole system:
1) switch to dom0
Method to switch to dom0, details as "Switching Containers"
https://knowledge.windriver.com/en-us/000_Products/000/060/010/010/000_Wind_River_Pulsar_Linux_System_Administration_Guide%2C_8/020/010
2) upgrade system in dom0
more details see "Upgrading the System":
https://knowledge.windriver.com/en-us/000_Products/000/060/010/010/000_Wind_River_Pulsar_Linux_System_Administration_Guide%2C_8/040/000
