Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 35: Important Security Fix for Critical DoS Issues in Hostapd

fedora
Calendar Grey February 12, 2022
Dist Fedora Esm H88
Reduce vulnerabilities in hostapd with essential patches addressing two CVEs. Safeguard your system in Fedora 35.
Security update for CVE-2022-23303, CVE-2022-23304 Update to version 2.10, which upstream maintainer advises for these CVEs.

Summary

hostapd is a user space daemon for access point and authentication servers. It

implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP

Authenticators and RADIUS authentication server.

hostapd is designed to be a "daemon" program that runs in the back-ground and

acts as the backend component controlling authentication. hostapd supports

separate frontend programs and an example text-based frontend, hostapd_cli, is

included with hostapd.

Security update for CVE-2022-23303, CVE-2022-23304 Update to version 2.10, which

upstream maintainer advises for these CVEs.

* Thu Jan 20 2022 Fedora Release Engineering - 2.10-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Wed Jan 19 2022 John W. Linville - 2.10-2

- Enable CONFIG_OCV build option to fight multi-channel MITM attacks

* Mon Jan 17 2022 John W. Linville - 2.10-1

- Update to version 2.10 from upstream

- Enable support for IEEE802.11ax

* Tue Sep 14 2021 Sahana Prasad - 2.9-13

- Rebuilt with OpenSSL 3.0.0

* Fri Sep 10 2021 Davide Caratti - 2.9-12

- backport fix for NetworkManager-ci failures with openssl-3.0.0

[ 1 ] Bug #2044599 - CVE-2022-23304 wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns

https://bugzilla.redhat.com/show_bug.cgi?id=2044599

[ 2 ] Bug #2044602 - CVE-2022-23303 wpa_supplicant: SAE side channel attacks as a result of cache access patterns

https://bugzilla.redhat.com/show_bug.cgi?id=2044602

su -c 'dnf upgrade --advisory FEDORA-2022-da8222a1bc' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical Fedora authentication wpa_supplicant hostapd EAP bypass

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 2.10
Release: 3.fc35
URL: http://w1.fi/hostapd/
Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

Topics%20covered

Topics Covered

security advisory critical Fedora authentication wpa_supplicant hostapd EAP bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here