Advisories » MGASA-2018-0348

Updated wpa_supplicant packages fix security vulnerability

Publication date: 19 Aug 2018
Modification date: 19 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14526

Description

Updated wpa_supplicant packages fix security vulnerability:

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6.
Under certain conditions, the integrity of EAPOL-Key messages is not checked,
leading to a decryption oracle. An attacker within range of the Access Point
and client can abuse the vulnerability to recover sensitive information
(CVE-2018-14526).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23412
• https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PEFP3OPDXRDJ2KHPPUJVDHUNXFNZFN7Q/
• https://www.cve.org/CVERecord?id=CVE-2018-14526

SRPMS

6/core

• wpa_supplicant-2.6-1.2.mga6