Описание
Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732).
- CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
wpa_supplicant-2.9-23.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
wpa_supplicant-2.9-23.15.1
Ссылки
- Link for SUSE-SU-2022:0504-1
- E-Mail link for SUSE-SU-2022:0504-1
- SUSE Security Ratings
- SUSE Bug 1194732
- SUSE Bug 1194733
- SUSE CVE CVE-2022-23303 page
- SUSE CVE CVE-2022-23304 page
Описание
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:wpa_supplicant-2.9-23.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:wpa_supplicant-2.9-23.15.1
Ссылки
- CVE-2022-23303
- SUSE Bug 1194732
- SUSE Bug 1205064
Описание
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:wpa_supplicant-2.9-23.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:wpa_supplicant-2.9-23.15.1
Ссылки
- CVE-2022-23304
- SUSE Bug 1194733
- SUSE Bug 1205064