AXSA:2021-1577:01

Release date: 
Thursday, March 11, 2021 - 11:48
Subject: 
wpa_supplicant-2.9-2.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-27803
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. wpa_supplicant-2.9-2.el8.1.src.rpm
    MD5: 11163cbb8cb3a97b6d473dd661215821
    SHA-256: c3ab1380c6ed9c08e5fc19409606f9020e775faac92a5af6645c3c8745c9ea7a
    Size: 3.12 MB

Asianux Server 8 for x86_64
  1. wpa_supplicant-2.9-2.el8.1.x86_64.rpm
    MD5: d854580b2286c9271e20a28c3d7c6878
    SHA-256: c6d33b91f2111fd3216a46a035e38900530a935b52dc3179f150f111530100f6
    Size: 1.95 MB
Copyright© 2007-2015 Asianux. All rights reserved.