Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE Leap 15.2: 2020:2059-1 moderate: wpa_supplicant issues fixed

opensuse
Calendar Grey November 27, 2020
Dist Opensuse Esm H88
# openSUSE Security Update openSUSE has released a notification concerning wpa_supplicant, patching 22 distinct vulnerabilities. Users are advised to apply updates promptly.
An update that fixes 22 vulnerabilities is now available.

Description

This update for wpa_supplicant fixes the following issues:

Security issue fixed:

- CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass

(bsc#1150934).

Non-security issues fixed:

- Enable SAE support (jsc#SLE-14992).

- Limit P2P_DEVICE name to appropriate ifname size.

- Fix wicked wlan (bsc#1156920)

- Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)

- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete

(bsc#1167331)

- Fix WLAN config on boot with wicked. (bsc#1166933)

- Update to 2.9 release:

* SAE changes

- disable use of groups using Brainpool curves

- improved protection against side channel attacks

[https://w1.fi/security/2019-6/

* EAP-pwd changes

- disable use of groups using Brainpool curves

- allow the set of groups to be configured (eap_pwd_groups)

- improved protection against side channel attacks

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate fix wpa_supplicant openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2059=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

wpa_supplicant-2.9-lp152.8.3.1

wpa_supplicant-debuginfo-2.9-lp152.8.3.1

wpa_supplicant-debugsource-2.9-lp152.8.3.1

wpa_supplicant-gui-2.9-lp152.8.3.1

wpa_supplicant-gui-debuginfo-2.9-lp152.8.3.1

References

https://www.suse.com/security/cve/CVE-2015-4141.html

https://www.suse.com/security/cve/CVE-2015-4142.html

https://www.suse.com/security/cve/CVE-2015-4143.html

https://www.suse.com/security/cve/CVE-2015-8041.html

https://www.suse.com/security/cve/CVE-2017-13077.html

https://www.suse.com/security/cve/CVE-2017-13078.html

https://www.suse.com/security/cve/CVE-2017-13079.html

https://www.suse.com/security/cve/CVE-2017-13080.html

https://www.suse.com/security/cve/CVE-2017-13081.html

https://www.suse.com/security/cve/CVE-2017-13082.html

https://www.suse.com/security/cve/CVE-2017-13086.html

https://www.suse.com/security/cve/CVE-2017-13087.html

https://www.suse.com/security/cve/CVE-2017-13088.html

https://www.suse.com/security/cve/CVE-2018-14526.html

https://www.suse.com/security/cve/CVE-2019-11555.html

https://www.suse.com/security/cve/CVE-2019-13377.html

https://www.suse.com/security/cve/CVE-2019-16275.html

https://www.suse.com/security/cve/CVE-2019-9494.html

https://www.suse.com/security/cve/CVE-2019-9495.htm...

Read the Full Advisory

Announcement ID: openSUSE-SU-2020:2059-1
Rating: moderate
Affected Products: openSUSE Leap 15.2

Topics%20covered

Topics Covered

security advisory moderate fix wpa_supplicant openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here