Reminding OpenBSD users on this site to apply errata patches!
Also check for older patches you may have missed: https://www.openbsd.org/errata60.html
Yesterday’s patch had a bug with WPA enterprise.
A second revision of the patch has been published at the same URL.
The new patch says it is version 2.
Could you also provide a diff for the people who have already patched their systems?
The bug in the first patch was an uninitialized variable. The first line of ieee80211_keyrun() changed such that ni = ic->ic_bss;
Revert the first patch, apply the second.
It’s fine when you still have the first patch. I don’t, so it’s good to know what changed.
I knew you’d say that. :)
Good reminder to keep applied patches in a safe place. You may need to revert. At the very least, a convenient log of what’s changed.
Does this mean 3 in a heck of a long time?
By default, OpenBSD does not permit unauthenticated root logins from the local network. :)
Such a man-in-the-middle attack can be done at any hop on the internet.
You should worry if you are using unencrypted protocols with weak authentication (e.g. NFS) and rely only on WPA for their security. Most people should just not worry, patch this bug, and move on.