Advisories ยป MGASA-2016-0199

Updated wpa_supplicant packages fix security vulnerabilities

Publication date: 21 May 2016
Modification date: 21 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4476 , CVE-2016-4477


Updated wpa_suppliant packages fix security vulnerabilities:

A vulnerability was found in how wpa_supplicant writes the configuration file
update for the WPA/WPA2 passphrase parameter. If this parameter has been
updated to include control characters either through a WPS operation
(CVE-2016-4476) or through local configuration change over the wpa_supplicant
control interface (CVE-2016-4477), the resulting configuration file may prevent
the wpa_supplicant from starting when the updated file is used. In addition, it
may be possible to load a local library file and execute code from there with
the same privileges under which the wpa_supplicant process runs.