SUSE-SU-2024:0818-1

Опубликовано: 08 мар. 2024

Источник: suse-cvrf

Описание

Security update for wpa_supplicant

This update for wpa_supplicant fixes the following issues:

CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

wpa_supplicant-2.9-23.20.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

wpa_supplicant-2.9-23.20.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240818-1/
Link for SUSE-SU-2024:0818-1
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018125.html
E-Mail link for SUSE-SU-2024:0818-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1219975
SUSE Bug 1219975
https://www.suse.com/security/cve/CVE-2023-52160/
SUSE CVE CVE-2023-52160 page

Описание

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:wpa_supplicant-2.9-23.20.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:wpa_supplicant-2.9-23.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-52160.html
CVE-2023-52160
https://bugzilla.suse.com/1219975
SUSE Bug 1219975

SUSE-SU-2024:0818-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2023-52160

Описание

Затронутые продукты

Ссылки