openSUSE Leap 15.0: 2020:4567-1 High: network-manager Security Flaw

opensuse

October 27, 2018

An update that solves one vulnerability and has 5 fixes is now available.

Description

This update for wpa_supplicant provides the following fixes:

This security issues was fixe:

- CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key

messages was not checked, leading to a decryption oracle. An attacker

within range of the Access Point and client could have abused the

vulnerability to recover sensitive information (bsc#1104205)

These non-security issues were fixed:

- Fix reading private key passwords from the configuration file.

(bsc#1099835)

- Enable PWD as EAP method. This allows for password-based authentication,

which is easier to setup than most of the other methods, and is used by

the Eduroam network. (bsc#1109209)

- compile eapol_test binary to allow testing via radius proxy and server

(note: this does not match CONFIG_EAPOL_TEST which sets -Werror and

activates an assert call inside the code of wpa_supplicant)

(bsc#1111873), (fate#326725)

- Enabled timestamps in log file...

Read the Full Advisory

Topics Covered

security advisory moderate security update wpa_supplicant openSUSE patch instructions decryption oracle

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1316=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

wpa_supplicant-2.6-lp150.3.6.1

wpa_supplicant-debuginfo-2.6-lp150.3.6.1

wpa_supplicant-debugsource-2.6-lp150.3.6.1

wpa_supplicant-gui-2.6-lp150.3.6.1

wpa_supplicant-gui-debuginfo-2.6-lp150.3.6.1

References

https://www.suse.com/security/cve/CVE-2018-14526.html

https://bugzilla.suse.com/1080798

https://bugzilla.suse.com/1098854

https://bugzilla.suse.com/1099835

https://bugzilla.suse.com/1104205

https://bugzilla.suse.com/1109209

https://bugzilla.suse.com/1111873

Announcement ID: openSUSE-SU-2018:3539-1

Rating: moderate

Affected Products: openSUSE Leap 15.0 le.

Topics Covered

security advisory moderate security update wpa_supplicant openSUSE patch instructions decryption oracle

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 15.0: 2020:4567-1 High: network-manager Security Flaw

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 15.0: 2020:4567-1 High: network-manager Security Flaw

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!