Updated wpa_supplicant packages fix security vulnerability
Publication date: 19 Aug 2018Modification date: 19 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14526
Description
Updated wpa_supplicant packages fix security vulnerability:
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6.
Under certain conditions, the integrity of EAPOL-Key messages is not checked,
leading to a decryption oracle. An attacker within range of the Access Point
and client can abuse the vulnerability to recover sensitive information
(CVE-2018-14526).
References
- https://bugs.mageia.org/show_bug.cgi?id=23412
- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PEFP3OPDXRDJ2KHPPUJVDHUNXFNZFN7Q/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
SRPMS
6/core
- wpa_supplicant-2.6-1.2.mga6