Updated wpa_supplicant and hostapd packages fix security vulnerabilities
Publication date: 19 Oct 2017Modification date: 19 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-13077 , CVE-2017-13078 , CVE-2017-13079 , CVE-2017-13080 , CVE-2017-13081 , CVE-2017-13082 , CVE-2017-13086 , CVE-2017-13087 , CVE-2017-13088
Description
Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly
handled WPA2. A remote attacker could use this issue with key
reinstallation attacks to obtain sensitive information. (CVE-2017-13077,
CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
References
- https://bugs.mageia.org/show_bug.cgi?id=21879
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
SRPMS
5/core
- hostapd-2.6-1.mga5
- wpa_supplicant-2.6-1.mga5
6/core
- hostapd-2.6-1.1.mga6
- wpa_supplicant-2.6-1.1.mga6