Updated wpa_supplicant packages fix security vulnerabilities
Publication date: 21 May 2016Modification date: 21 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4476 , CVE-2016-4477
Description
Updated wpa_suppliant packages fix security vulnerabilities: A vulnerability was found in how wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation (CVE-2016-4476) or through local configuration change over the wpa_supplicant control interface (CVE-2016-4477), the resulting configuration file may prevent the wpa_supplicant from starting when the updated file is used. In addition, it may be possible to load a local library file and execute code from there with the same privileges under which the wpa_supplicant process runs.
References
SRPMS
5/core
- wpa_supplicant-2.3-3.1.mga5