Bug 17124

Summary: wpa_supplicant new security issues CVE-2015-531[056], hostapd new security issue CVE-2015-5314
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Thomas Backlund <tmb>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/664041/
Whiteboard:
Source RPM: wpa_supplicant, hostapd CVE:
Status comment:

Description David Walser 2015-11-10 21:07:16 CET 
Upstream has issued advisories today (November 10):
http://openwall.com/lists/oss-security/2015/11/10/9
http://openwall.com/lists/oss-security/2015/11/10/10
http://openwall.com/lists/oss-security/2015/11/10/11

The packages are only vulnerable if the CONFIG_WNM or CONFIG_WPA_PWD options are set in the configuration, which they are not in our packages, so this bug is INVALID.  I'm just filing this so we know it's already been looked into.  Also, we should still update to 2.6 in Cauldron.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-11-10 21:07:39 CET 
Closing as our configurations are not affected.  Please update Cauldron to 2.6.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

David Walser 2015-11-11 19:50:00 CET

URL: (none) => http://lwn.net/Vulnerabilities/664041/