Описание
Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732).
- CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733).
Список пакетов
openSUSE Leap 15.3
wpa_supplicant-2.9-4.33.1
wpa_supplicant-gui-2.9-4.33.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0716-1
- SUSE Security Ratings
- SUSE Bug 1194732
- SUSE Bug 1194733
- SUSE CVE CVE-2022-23303 page
- SUSE CVE CVE-2022-23304 page
Описание
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
Затронутые продукты
openSUSE Leap 15.3:wpa_supplicant-2.9-4.33.1
openSUSE Leap 15.3:wpa_supplicant-gui-2.9-4.33.1
Ссылки
- CVE-2022-23303
- SUSE Bug 1194732
- SUSE Bug 1205064
Описание
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Затронутые продукты
openSUSE Leap 15.3:wpa_supplicant-2.9-4.33.1
openSUSE Leap 15.3:wpa_supplicant-gui-2.9-4.33.1
Ссылки
- CVE-2022-23304
- SUSE Bug 1194733
- SUSE Bug 1205064