wpa_supplicant-2.6-12.el7
エラータID: AXSA:2019-3663:01
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.
Security Fix(es):
* wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.
CVE-2018-14526
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
through 2.6. Under certain conditions, the integrity of EAPOL-Key
messages is not checked, leading to a decryption oracle. An attacker
within range of the Access Point and client can abuse the
vulnerability to recover sensitive information.
Update packages.
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
N/A
SRPMS
- wpa_supplicant-2.6-12.el7.src.rpm
MD5: 837e6373edb3ae52c90646448ec4ddb9
SHA-256: 67d54b545f011b3705e4638ef6bbbc229b1da92c30409770e1be73585440d3fa
Size: 2.74 MB
Asianux Server 7 for x86_64
- wpa_supplicant-2.6-12.el7.x86_64.rpm
MD5: c81c4604c9b7a13f05fdfab9dda82eb2
SHA-256: f89681b623a38a1c3bc03be8de752351bf41eeda4094bf3702bc74be659baab2
Size: 1.18 MB
日本語