Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 40 articles for you...
172
security advisoryUbuntuwpa_supplicantUbuntu Releases 20.04 to 24.10: USN-7317-1 Addresses WPA Info Exposure
wpa_supplicant and hostapd could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-7317-1 March 03, 2025 wpa vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: wpa_supplicant and hostapd could be made to expose sensitive information over the network. Software Description: - wpa: client support for WPA and WPA2 Details: George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that wpa_supplicant and hostapd reused encryption elements in the PKEX protocol. An attacker could possibly use this issue to impersonate a wireless access point, and obtain sensitive information. (CVE-2022-37660) Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered that wpa_supplicant and hostapd were vulnerable to side channel attacks due to the cache access patterns. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-23303, CVE-2022-23304) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 hostapd 2:2.10-22ubuntu0.1 wpasupplicant 2:2.10-22ubuntu0.1 Ubuntu 24.04 LTS hostapd 2:2.10-21ubuntu0.2 wpasupplicant 2:2.10-21ubuntu0.2 Ubuntu 22.04 LTS hostapd 2:2.10-6ubuntu2.2 wpasupplicant 2:2.10-6ubuntu2.2 Ubuntu 20.04 LTS hostapd 2:2.9-1ubuntu4.6 wpasupplicant 2:2.9-1ubuntu4.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7317-1 CVE-2022-23303, CVE-2022-23304, CVE-2022-37660 Package Information: https://launchpad.net/ubuntu/+source/wpa/2:2.10-22ubuntu0.1 https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.2 https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.2 https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.6 . Security Update Announcement for Ubuntu USN-7317-1 concerning vulnerabilities in wpa_supplicant and hostapd leading to potential exposure of private data.. wpa_supplicant updates, hostapd security, Ubuntu advisory, network security issues. . Severity: Critical. LinuxSecurity.com Team
Mar 04, 2025
•Critical
Ubuntu
203
security advisorysecurity updatenetwork attackMageia 9: MGASA-2024-0322 critical: hostapd & wpa_supplicant network issue
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because . MGASA-2024-0322 - Updated hostapd & wpa_supplicant packages fix security vulnerability Publication date: 04 Oct 2024 URL: https://advisories.mageia.org/MGASA-2024-0322.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-52424 The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake. References: - https://bugs.mageia.org/show_bug.cgi?id=33523 - https://lists.fedoraproject.org/archives/list/
Oct 04, 2024
•Critical
Mageia
89
security advisorysecurity updateFedoraFedora 40: 2024-73626281d8 Moderate: Hostapd SSID Attack Security Update
Update to upstream version 2.11.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-73626281d8 2024-08-03 01:49:11.241974 -------------------------------------------------------------------------------- Name : hostapd Product : Fedora 40 Version : 2.11 Release : 1.fc40 URL : http://w1.fi/hostapd Summary : IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Description : hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. -------------------------------------------------------------------------------- Update Information: Update to upstream version 2.11. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 29 2024 Davide Caratti - 1:2.11-1 - Update to version 2.11 (#2299039) - Disable OpenSSL ENGINE API -------------------------------------------------------------------------------- References: [ 1 ] Bug #2293095 - CVE-2023-52424 wpa_supplicant: 802.11: SSID Confusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293095 [ 2 ] Bug #2293097 - CVE-2023-52424 hostapd: 802.11: SSID Confusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293097 [ 3 ] Bug #2299036 - wpa_supplicant-2.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2299036 [ 4 ] Bug #2299039 - hostapd-2.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2299039 [ 5 ] Bug #2301368 - wpa_supplicant: FTBFS in Fedora rawhide/f41 https://bugzilla.redhat.com/show_bug.cgi?id=2301368 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-73626281d8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Aug 03, 2024
•Important
Fedora
91
security advisoryarbitrary code executionwpa_supplicantGentoo: GLSA 202309-16 Normal: Hostapd and wpa_supplicant Flaws
Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: wpa_supplicant, hostapd: Multiple Vulnerabilities Date: September 30, 2023 Bugs: #768759, #780135, #780138, #831332 ID: 202309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. Background ========== wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers. Affected packages ================= Package Vulnerable Unaffected --------------------------- ------------ ------------ net-wireless/hostapd < 2.10 > = 2.10 net-wireless/wpa_supplicant < 2.10 > = 2.10 Description =========== Multiple vulnerabilities have been discovered in hostapd and wpa_supplicant. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All wpa_supplicant users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-wireless/wpa_supplicant-2.10" All hostapd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-wireless/hostapd-2.10" References ========== [ 1 ] CVE-2021-30004 https://nvd.nist.gov/vuln/detail/CVE-2021-30004 [ 2 ] CVE-2022-23303 https://nvd.nist.gov/vuln/detail/CVE-2022-23303 [ 3 ] CVE-2022-23304 https://nvd.nist.gov/vuln/detail/CVE-2022-23304 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202309-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Sep 30, 2023
Gentoo
89
security advisorycriticalFedoraFedora 35: Important Security Fix for Critical DoS Issues in Hostapd
Security update for CVE-2022-23303, CVE-2022-23304 Update to version 2.10, which upstream maintainer advises for these CVEs.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-da8222a1bc 2022-02-13 01:14:18.017207 --------------------------------------------------------------------------------Name : hostapd Product : Fedora 35 Version : 2.10 Release : 3.fc35 URL : http://w1.fi/hostapd/ Summary : IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Description : hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. --------------------------------------------------------------------------------Update Information: Security update for CVE-2022-23303, CVE-2022-23304 Update to version 2.10, which upstream maintainer advises for these CVEs. --------------------------------------------------------------------------------ChangeLog: * Thu Jan 20 2022 Fedora Release Engineering - 2.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jan 19 2022 John W. Linville - 2.10-2 - Enable CONFIG_OCV build option to fight multi-channel MITM attacks * Mon Jan 17 2022 John W. Linville - 2.10-1 - Update to version 2.10 from upstream - Enable support for IEEE802.11ax * Tue Sep 14 2021 Sahana Prasad - 2.9-13 - Rebuilt with OpenSSL 3.0.0 * Fri Sep 10 2021 Davide Caratti - 2.9-12 - backport fix for NetworkManager-ci failures with openssl-3.0.0 --------------------------------------------------------------------------------References: [ 1 ] Bug #2044599 -CVE-2022-23304 wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns https://bugzilla.redhat.com/show_bug.cgi?id=2044599 [ 2 ] Bug #2044602 - CVE-2022-23303 wpa_supplicant: SAE side channel attacks as a result of cache access patterns https://bugzilla.redhat.com/show_bug.cgi?id=2044602 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-da8222a1bc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 12, 2022
•Important
Fedora
203
security advisorymoderatewpa_supplicantMageia 8: MGASA-2022-0025 Moderate: wpa_supplicant Side Channel Attack
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. . MGASA-2022-0025 - Updated wpa_supplicant packages fix security vulnerability Publication date: 18 Jan 2022 URL: https://advisories.mageia.org/MGASA-2022-0025.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-23303 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. References: - https://bugs.mageia.org/show_bug.cgi?id=29899 - https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt - https://nvd.nist.gov/vuln/detail/CVE-2022-23303 - https://www.cve.org/CVERecord?id=CVE-2022-23303 SRPMS: - 8/core/wpa_supplicant-2.9-8.3.mga8 . MGASA-2022-0026 covers a vulnerability found in NetworkManager, crucial for safeguarding Mageia 8 users against potential threats.. wpa_supplicant Security, Mageia Update, Side Channel Attack, Hostapd Vulnerability, Security Fix. . LinuxSecurity.com Team
Jan 18, 2022
Mageia
203
security advisorywpa_supplicanthostapdMageia: 2021-0254 Critical: wpa_supplicant Hostapd Forging Attack Fix
The wpa_supplicant and hostapd packages are updated to fix a forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004). References: - https://bugs.mageia.org/show_bug.cgi?id=29046 . MGASA-2021-0254 - Updated wpa_supplicant, hostapd packages fix security vulnerability Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0254.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-30004 The wpa_supplicant and hostapd packages are updated to fix a forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004). References: - https://bugs.mageia.org/show_bug.cgi?id=29046 - - - https://www.cve.org/CVERecord?id=CVE-2021-30004 SRPMS: - 8/core/wpa_supplicant-2.9-8.2.mga8 - 8/core/hostapd-2.9-5.1.mga8 - 7/core/wpa_supplicant-2.9-1.5.mga7 - 7/core/hostapd-2.9-1.3.mga7 . MGASA-2021-0255 introduces essential modifications for wpa_supplicant and hostapd addressing vulnerabilities in computational processing mechanisms.. wpa_supplicant update, hostapd fix, Mageia security advisory. . Severity: Critical. LinuxSecurity.com Team
Jun 13, 2021
•Critical
Mageia
87
security advisorydenial of servicesecurity issueDebian Buster DSA-4898-1 Critical: wpa Denial Of Service Advisory
Several vulnerabilities have been discovered in wpa_supplicant and hostapd. CVE-2020-12695 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4898-1
Apr 22, 2021
•Critical
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!