RHBA-2009:0062 - Bug Fix Advisory

Topic

Updated wpa_supplicant packages that fix various bugs and support the
updated NetworkManager package are now available.

Description

wpa_supplicant provides support for WPA (WiFi Protected Access) and RSN
(Robust Secure Network), also called WPA2. wpa_supplicant implements
key negotiation with a WPA Authenticator and controls roaming as well as
the authentication and association of the wireless driver.

These updated packages rebase wpa_supplicant to the latest upstream stable
version and include backported fixes for a number of issues that may affect
users of wireless drivers that depend on the kernel's mac80211 wireless
stack. Specific fixes and enhancements include:

• Support for a D-Bus control interface has been added. D-Bus is a

popular lightweight Inter-Process Communication mechanism, and the addition
of this control interface to wpa_supplicant allows applications (like
NetworkManager) to more reliably control the supplicant.

• Cisco Aironet 340/350 wireless cards were not able to successfully

connect to 802.1x-enabled wireless networks, often used in security
sensitive organizations. During the connection process at the 4-Way WPA
handshake stage, sending encryption keys to the driver would clear the
wireless card firmware's authentication state. With this update, the
supplicant uses an alternate method of supplying encryption keys to the
kernel driver, allowing authentication state to be preserved in the Aironet
firmware and 802.1x connections to succeed.

• Kernel drivers utilizing the new mac80211 wireless stack were sometimes

unable to connect to wireless networks, either failing to find the
requested network, or prematurely ending communication with the wireless
access point during the connection process. Some drivers were prone to
reporting multiple disconnection events during the association process,
confusing the supplicant and causing long timeouts. The supplicant also
did not sufficiently instruct the driver to disconnect when switching
access points. This update fixes these issues and, in conjunction with
kernel driver updates, allow more wireless hardware to successfully connect
to wireless networks.

All wpa_supplicant users are advised to upgrade to this updated package,
which addresses these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 449605 - Add IW_ENCODE_TEMP patch to help airo with 802.1x WiFi connections
• BZ - 468441 - wpa_supplicant mishandles Intel 3945, 4965, and 5000 disconnections during association

CVEs

(none)

References

(none)