Описание
ELSA-2018-3107: wpa_supplicant security and bug fix update (MODERATE)
[1:2.6-12]
- Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526)
[1:2.6-11]
- Better handling of /run/wpa_supplicant (rh #1507919)
[1:2.6-10]
- Fix memory leak when macsec MKA/PSK is used (rh #1500442)
- Fix authentication failure when the MAC is updated externally (rh #1490885)
- Let the kernel discard EAPOL if packet type is PACKET_OTHERHOST (rh #1434434)
- Dont restart wpa_supplicant.service on package upgrade (rh #1505404)
- Dont own a directory in /run/ (rh #1507919)
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
wpa_supplicant
2.6-12.el7
Связанные CVE
Связанные уязвимости
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 throug ...
