Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 20: 6952 Critical Update for wpa_supplicant P2P Attack

fedora
Calendar Grey May 12, 2015
Dist Fedora Esm H88
An essential patch for wpa_supplicant in Fedora tackles CVE-2015-1864, enhancing security measures for user systems.
This update addresses a security vulnerability identified as CVE-2015-1863

Summary

wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support

for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA

component that is used in the client stations. It implements key negotiation

with a WPA Authenticator and it controls the roaming and IEEE 802.11

authentication/association of the wlan driver.

Update Information:

This update addresses a security vulnerability identified as CVE-2015-1863 . More information on this vulnerability is provided by upstream at https://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt . An extract:

Attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a suitably constructed management frame that triggers a P2P peer device information to be created or updated.

The vulnerability is easiest to exploit while the device has started an active P2P operation (e.g., has ongoing P2P_FIND or P2P_LISTEN control interface command in progress). However, it may be possible, though significantly more difficult, to trigger this even without any active P2P operation in progress.

Topics%20covered

Topics Covered

security advisory critical Fedora wpa_supplicant P2P attack

Change Log

* Thu Apr 23 2015 Adam Williamson - 1:2.0-13 - backport fix for CVE-2015-1863 * Wed Oct 22 2014 Dan Williams - 1:2.0-12 - Use os_exec() for action script execution (CVE-2014-3686) * Thu Aug 21 2014 Kevin Fenzi - 1:2.0-11 - Rebuild for rpm bug 1131960 * Mon Aug 18 2014 Fedora Release Engineering - 1:2.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering - 1:2.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

References

Fedora Update Notification FEDORA-2015-6952 2015-04-26 07:38:01
Name : wpa_supplicant Product : Fedora 20 Version : 2.0 Release : 13.fc20 URL : http://w1.fi/wpa_supplicant/ Summary : WPA/WPA2/IEEE 802.1X Supplicant Description : wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update wpa_supplicant' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: wpa_supplicant
Product: Fedora 20
Version: 2.0
Release: 13.fc20
URL: http://w1.fi/wpa_supplicant/
Summary: WPA/WPA2/IEEE 802.1X Supplicant

Topics%20covered

Topics Covered

security advisory critical Fedora wpa_supplicant P2P attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here