Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Fedora 39: FEDORA-2024-a95bdde55b Critical: wpa_supplicant Flaw

fedora
Calendar Grey February 27, 2024
Dist Fedora Esm H88
Fedora 39 has released an important update to tackle an authorization bypass vulnerability in wpa_supplicant. Users should review the patch notes for significant corrections.
backport fix for PEAP client (CVE-2023-52160)

Summary

wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support

for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA

component that is used in the client stations. It implements key negotiation

with a WPA Authenticator and it controls the roaming and IEEE 802.11

authentication/association of the wlan driver.

Update Information:

backport fix for PEAP client (CVE-2023-52160)

Change Log

* Thu Feb 22 2024 Davide Caratti - 1:2.10-9 - Backport fix for PEAP client (CVE-2023-52160)

References


[ 1 ] Bug #2264594 - TRIAGE CVE-2023-52160 wpa_supplicant: potential authorization bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264594 [ 2 ] Bug #2265479 - unpatched CVE-2023-52160 in Fedora 38 & 39 https://bugzilla.redhat.com/show_bug.cgi?id=2265479

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a95bdde55b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: wpa_supplicant
Product: Fedora 39
Version: 2.10
Release: 9.fc39
Summary: WPA/WPA2/IEEE 802.1X Supplicant

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here