
openSUSE 15.1: 2020:2053-1 Moderate: wpa_supplicant Disconnection Bypass

November 26, 2020
An update that fixes 22 vulnerabilities is now available.

Description

This update for wpa_supplicant fixes the following issues:

Security issue fixed:

- CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).

Non-security issues fixed:

- Enable SAE support (jsc#SLE-14992).

- Limit P2P_DEVICE name to appropriate ifname size.

- Fix wicked wlan (bsc#1156920)

- Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)

- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)

- Fix WLAN config on boot with wicked. (bsc#1166933)

- Update to 2.9 release:
  * SAE changes
    - disable use of groups using Brainpool curves
    - improved protection against side channel attacks
      https://w1.fi/security/2019-6/
  * EAP-pwd changes
    - disable use of groups using Brainpool curves
    - allow the set of groups to be configured (eap_pwd_groups)
    - improved protection against side channel attacks

...
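The SAE and EAP-pwd entries above say that groups using Brainpool curves are no longer used, so a configuration that still lists them deserves a look after the update. The following is an added example, not part of the advisory or of wpa_supplicant: a small Python audit that flags such entries. It assumes the groups are given as IANA group numbers (27 to 30 for the Brainpool curves, per RFC 6932) in `sae_groups` or in `eap_pwd_groups` (bare or inside `phase1="..."`), written as a space- or comma-separated list with optional ranges; the function names and the sample configuration are constructed for illustration.

```python
import re

# IANA group numbers of the Brainpool curves (RFC 6932).
BRAINPOOL_GROUPS = {27: "brainpoolP224r1", 28: "brainpoolP256r1",
                    29: "brainpoolP384r1", 30: "brainpoolP512r1"}

# Matches a bare setting as well as one embedded in phase1="...".
GROUP_SETTING = re.compile(r"\b(sae_groups|eap_pwd_groups)\s*=\s*([0-9][0-9 ,-]*)")

def expand_groups(spec):
    """Expand '19 20', '19,20' or '19-21' into a list of group numbers."""
    groups = []
    for token in re.split(r"[ ,]+", spec.strip(" ,-")):
        low, _, high = token.partition("-")
        if low.isdigit():
            groups.extend(range(int(low), int(high if high.isdigit() else low) + 1))
    return groups

def audit_conf(text):
    """Return (line number, setting, Brainpool curve names) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip comment lines
            continue
        for match in GROUP_SETTING.finditer(line):
            bad = sorted({g for g in expand_groups(match.group(2)) if g in BRAINPOOL_GROUPS})
            if bad:
                findings.append((lineno, match.group(1), [BRAINPOOL_GROUPS[g] for g in bad]))
    return findings

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = """\
ctrl_interface=/run/wpa_supplicant
sae_groups=19 20 28
# sae_groups=30
network={
    ssid="example-eap"
    key_mgmt=WPA-EAP
    eap=PWD
    phase1="eap_pwd_groups=19-21,29"
}
"""

if __name__ == "__main__":
    for lineno, setting, curves in audit_conf(SAMPLE_CONF):
        print(f"line {lineno}: {setting} lists {', '.join(curves)}")
```
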


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2053=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

wpa_supplicant-2.9-lp151.5.10.1

wpa_supplicant-debuginfo-2.9-lp151.5.10.1

wpa_supplicant-debugsource-2.9-lp151.5.10.1

wpa_supplicant-gui-2.9-lp151.5.10.1

wpa_supplicant-gui-debuginfo-2.9-lp151.5.10.1

References

https://www.suse.com/security/cve/CVE-2015-4141.html

https://www.suse.com/security/cve/CVE-2015-4142.html

https://www.suse.com/security/cve/CVE-2015-4143.html

https://www.suse.com/security/cve/CVE-2015-8041.html

https://www.suse.com/security/cve/CVE-2017-13077.html

https://www.suse.com/security/cve/CVE-2017-13078.html

https://www.suse.com/security/cve/CVE-2017-13079.html

https://www.suse.com/security/cve/CVE-2017-13080.html

https://www.suse.com/security/cve/CVE-2017-13081.html

https://www.suse.com/security/cve/CVE-2017-13082.html

https://www.suse.com/security/cve/CVE-2017-13086.html

https://www.suse.com/security/cve/CVE-2017-13087.html

https://www.suse.com/security/cve/CVE-2017-13088.html

https://www.suse.com/security/cve/CVE-2018-14526.html

https://www.suse.com/security/cve/CVE-2019-11555.html

https://www.suse.com/security/cve/CVE-2019-13377.html

https://www.suse.com/security/cve/CVE-2019-16275.html

https://www.suse.com/security/cve/CVE-2019-9494.html

https://www.suse.com/security/cve/CVE-2019-9495.htm...


Announcement ID: openSUSE-SU-2020:2053-1
Rating: moderate
Affected Products: openSUSE Leap 15.1
