
SUSE: 2022:1853-1 Important: wpa_supplicant Side-Channel Attack Fixes

May 26, 2022
SUSE Security Patch: Addresses various vulnerabilities in wpa_supplicant with critical enhancements. Ensure your systems are secure and up-to-date.
An update that fixes 20 vulnerabilities and contains one feature is now available.

Summary

This update for wpa_supplicant fixes the following issues:

- CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733)
- CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777)
- Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805)
- Limit P2P_DEVICE name to appropriate ifname size
- Enable SAE support (jsc#SLE-14992).
- Fix wicked wlan (bsc#1156920)
- Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933)
- Adjust the service to start after network.target wrt bsc#1165266

Update to 2.9 release:

* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks

References

#1131644 #1131868 #1131870 #1131871 #1131872
#1131874 #1133640 #1144443 #1156920 #1165266
#1166933 #1167331 #1182805 #1194732 #1194733
SLE-14992

Cross-References:
CVE-2015-8041 CVE-2017-13077 CVE-2017-13078
CVE-2017-13079 CVE-2017-13080 CVE-2017-13081
CVE-2017-13082 CVE-2017-13086 CVE-2017-13087
CVE-2017-13088 CVE-2018-14526 CVE-2019-11555
CVE-2019-13377 CVE-2019-9494 CVE-2019-9495
CVE-2019-9497 CVE-2019-9498 CVE-2019-9499
CVE-2022-23303 CVE-2022-23304

CVSS scores:

CVE-2017-13077 (NVD) : 6.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2017-13077 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2017-13078 (NVD) : 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2017-13078 (SUSE): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:...


Severity: important

Announcement ID: SUSE-SU-2022:1853-1
Rating: important
