wpa_supplicant-2.9-5.el8

エラータID: AXSA:2021-1816:03

Release date: 
Tuesday, June 8, 2021 - 03:24
Subject: 
wpa_supplicant-2.9-5.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

Update to version 2.9-5

CVE-2021-0326
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. wpa_supplicant-2.9-5.el8.src.rpm
    MD5: f91c86703ba5b78d487173de930d9768
    SHA-256: 16cc5b7fe0dceed629bb7edc2db4875e00923860124662ebaf8ed95c879e125f
    Size: 3.13 MB

Asianux Server 8 for x86_64
  1. wpa_supplicant-2.9-5.el8.x86_64.rpm
    MD5: f65b2e5e2b5c93901760be9015321563
    SHA-256: 80e045af630aca9162cf2cf41f0fc8a84eb36dfdc21261afe39b4b2e6915331a
    Size: 1.95 MB