wpa_supplicant-2.6-12.el7.2

エラータID: AXSA:2021-1602:02

Release date: 
Tuesday, March 23, 2021 - 08:51
Subject: 
wpa_supplicant-2.6-12.el7.2
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-27803
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Solution: 

Update packages.

CVEs: 
CVE-2021-27803
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Additional Info: 

N/A

Download: 

SRPMS
  1. wpa_supplicant-2.6-12.el7.2.src.rpm
    MD5: 1f05e553a94c097beb9e789e5fac79ac
    SHA-256: c999e07037661a9981df3e083c9a6c0ce577ff982708a3791de617f21b87f3e0
    Size: 2.74 MB

Asianux Server 7 for x86_64
  1. wpa_supplicant-2.6-12.el7.2.x86_64.rpm
    MD5: 3017dfe9cd13930912c8668afa5254de
    SHA-256: 908f6c86381cc0f66d13e1401ed139b8fdf0de0596be01ffd845173b3eddf5f7
    Size: 1.18 MB