Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 35: FEDORA-2022-41f5b208b2 Critical: wpa_supplicant OCV Update

fedora
Calendar Grey January 29, 2022
Dist Fedora Esm H88
The advancement of wpa_supplicant to version 2.10 within Fedora 35 significantly boosts security by implementing OCV in response to CVE-2022-23303.
update to version 2.10 and enable OCV CVE-2022-23303

Summary

wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support

for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA

component that is used in the client stations. It implements key negotiation

with a WPA Authenticator and it controls the roaming and IEEE 802.11

authentication/association of the wlan driver.

update to version 2.10 and enable OCV CVE-2022-23303

* Wed Jan 26 2022 Michael Yartys - 1:2.10-2

- Enable Operating Channel Validation (OCV) support

* Mon Jan 17 2022 Davide Caratti - 1:2.10-1

- Update to version 2.10 (keeping CONFIG_WEP enabled). Related: rhbz#2041269

* Tue Sep 14 2021 Sahana Prasad - 1:2.9-16

- Rebuilt with OpenSSL 3.0.0

* Fri Sep 3 2021 Davide Caratti - 1:2.9-15

- Fix NetworkManager-CI failures with OpenSSL 3.0

* Tue Jul 27 2021 Dave Olsthoorn - 1:2.9-14

- Fix issues with FT a.k.a. 802.11r when not supported by adapter

[ 1 ] Bug #2041269 - wpa_supplicant-2.10 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2041269

[ 2 ] Bug #2044603 - CVE-2022-23303 wpa_supplicant: SAE side channel attacks as a result of cache access patterns [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2044603

su -c 'dnf upgrade --advisory FEDORA-2022-41f5b208b2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory software update Fedora wpa_supplicant OCV SAE attack

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 2.10
Release: 2.fc35
URL: http://w1.fi/wpa_supplicant/
Summary: WPA/WPA2/IEEE 802.1X Supplicant

Topics%20covered

Topics Covered

security advisory software update Fedora wpa_supplicant OCV SAE attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here