git: 9784b45a8e - main - 12.4 Release notes: Improve net80211 entry

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Lorenzo Salvadore <salvadore_at_FreeBSD.org>
Date: Sat, 19 Nov 2022 14:57:17 UTC
The branch main has been updated by salvadore (ports committer):

URL: https://cgit.FreeBSD.org/doc/commit/?id=9784b45a8e258b091639c0df6db49fdf2b02fef9

commit 9784b45a8e258b091639c0df6db49fdf2b02fef9
Author:     Lorenzo Salvadore <salvadore@FreeBSD.org>
AuthorDate: 2022-11-19 14:19:53 +0000
Commit:     Lorenzo Salvadore <salvadore@FreeBSD.org>
CommitDate: 2022-11-19 14:56:03 +0000

    12.4 Release notes: Improve net80211 entry
    
    - Split entry into multiple entries sorted chronologically by commit
      date.
    - Add one more change.
    - Add CVE references.
    - Add gitref notes.
    
    Approved by:    re (gjb, implicit)
---
 website/content/en/releases/12.4R/relnotes.adoc | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/website/content/en/releases/12.4R/relnotes.adoc b/website/content/en/releases/12.4R/relnotes.adoc
index d116adb908..1168edcf1d 100644
--- a/website/content/en/releases/12.4R/relnotes.adoc
+++ b/website/content/en/releases/12.4R/relnotes.adoc
@@ -291,7 +291,18 @@ gitref:cf101bd5ceebe2b2d229faa949dbf3e146d04382[repository=src]
 The man:iflib[4] network interface driver framework had a lock order reversal (LOR) fixed.
 gitref:ea25a6af57e0ce1551341e3b1652233cdb11bee1[repository=src]
 
-The man:net80211[4] interface has improved several validations including Mesh ID length and SSID length. It also prevents plaintext injection by A-MSDU RFC1042/EAPOL frames and rejects mixed plaintext/encrypted fragments.
+The man:net80211[4] interface had some mitigations included agains A-MSDU design flaws (CVE-2020-24588).
+gitref:76ee776f4d9f146f7a97ac9bab388c51a1c787c9[repository=src]
+
+The man:net80211[4] interface will now reject mixed plaintext/encrypted fragments (CVE-2020-26147).
+gitref:00cd5a2f614ae2cf1daa30cde7f91de9cdde2393[repository=src]
+
+The man:net80211[4] interface will now prevent plaintext injection by A-MSDU RFC1042/EAPOL frames (CVE-2020-26144).
+gitref:2d09e4366b67dd719ebae5390436868e5430d833[repository=src]
+
+The man:net80211[4] interface has improved several validations including SSID length and Mesh ID length.
+gitref:f4d0e8787a09f4cdfb856924aaca97f1c78b65b1[repository=src]
+gitref:e7c990ba3f8de8c4882390cad9b01a9fa25ad068[repository=src]
 
 The man:pf[4] framework had some memory leaks fixed and now ensures the correct source/destination IP address in ICMP errors. It also provides improved route-to handling of pfsync'd states along with other changes and improvements.