Scientific Linux Security Update: SLSA-2014:1956-1 for wpa_supplicant

Dec 03, 2014 •

LinuxSecurity Advisories

1 min read

Topics Covered

security advisory moderate security update command injection wpa_supplicant scientific linux action scripts

Moderate: wpa_supplicant security update

Date: Wed, 3 Dec 2014 21:40:33 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: wpa_supplicant on SL7.x x86_64
MIME-Version: 1.0

Synopsis: Moderate: wpa_supplicant security update
Advisory ID: SLSA-2014:1956-1
Issue Date: 2014-12-03
CVE Numbers: CVE-2014-3686
--

A command injection flaw was found in the way the wpa_cli utility executed
action scripts. If wpa_cli was run in daemon mode to execute an action
script (specified using the -a command line option), and wpa_supplicant
was configured to connect to a P2P group, malicious P2P group parameterscould cause wpa_cli to execute arbitrary code. (CVE-2014-3686)
--

SL7
 x86_64
 wpa_supplicant-2.0-13.el7_0.x86_64.rpm
 wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm

- Scientific Linux Development Team

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here

Scientific Linux Security Update: SLSA-2014:1956-1 for wpa_supplicant

Topics Covered

Search Advisories & Updates

Recent Searches

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Scientific Linux Security Update: SLSA-2014:1956-1 for wpa_supplicant

Topics Covered

Search Advisories & Updates

Recent Searches

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!