| Name | CVE-2017-13081 |
| Description | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-1150-1, DLA-1573-1, DSA-3999-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| firmware-nonfree (PTS) | buster/non-free | 20190114-2 | fixed |
| buster/non-free (security) | 20190114+really20220913-0+deb10u2 | fixed | |
| bullseye/non-free | 20210315-3 | fixed | |
| bookworm/non-free-firmware | 20230210-5 | fixed | |
| trixie/non-free-firmware, sid/non-free-firmware | 20230625-2 | fixed | |
| wpa (PTS) | buster | 2:2.7+git20190128+0c1e29f-6+deb10u3 | fixed |
| buster (security) | 2:2.7+git20190128+0c1e29f-6+deb10u4 | fixed | |
| bullseye | 2:2.9.0-21 | fixed | |
| bookworm | 2:2.10-12 | fixed | |
| trixie, sid | 2:2.10-21 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firmware-nonfree | source | jessie | 20161130-4~deb8u1 | DLA-1573-1 | ||
| firmware-nonfree | source | stretch | 20161130-4 | |||
| firmware-nonfree | source | (unstable) | 20180825-1 | |||
| wpa | source | wheezy | 1.0-3+deb7u5 | DLA-1150-1 | ||
| wpa | source | jessie | 2.3-1+deb8u5 | DSA-3999-1 | ||
| wpa | source | stretch | 2:2.4-1+deb9u1 | DSA-3999-1 | ||
| wpa | source | (unstable) | 2:2.4-1.1 |
[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
https://w1.fi/security/2017-1/