| Summary: | wpa_supplicant new security issue CVE-2021-27803 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-32-OK MGA8-64-OK | ||
| Source RPM: | wpa_supplicant-2.9-7.mga8.src.rpm | CVE: | CVE-2021-27803 |
| Status comment: | |||
Description
David Walser
2021-02-25 21:25:14 CET
David Walser
2021-02-25 21:25:30 CET
Status comment:
(none) =>
Patch available from upstream

This has been assigned CVE-2021-27803:
https://www.openwall.com/lists/oss-security/2021/02/27/1

Summary:
wpa_supplicant new security issue (upstream 2021-1) =>
wpa_supplicant new security issue CVE-2021-27803

fix pushed in mga7/8:
src:
- wpa_supplicant-2.9-1.4.mga7
- wpa_supplicant-2.9-8.1.mga8

Whiteboard:
MGA8TOO, MGA7TOO =>
MGA7TOO

RPMS list:
wpa_supplicant-2.9-1.4.mga7
wpa_supplicant-gui-2.9-1.4.mga7
wpa_supplicant-2.9-8.1.mga8
wpa_supplicant-gui-2.9-8.1.mga8

AMD Phenom II X4, 8GB, Atheros wifi, 32-bit M7 Plasma system.
Also, same hardware, 64-bit M8 Plasma system.

Updated wpa_supplicant. No installation issues. Rebooted, just to make sure the updated package was the one being used. No issues noted on either install. Looks OK here. Validating for both.

Keywords:
(none) =>
validated_update
Aurelien Oudelet
2021-02-28 22:46:26 CET
CC:
(none) =>
ouaurelien
Aurelien Oudelet
2021-02-28 22:47:53 CET
Whiteboard:
MGA7-32-OK MGA8-64-OK =>
MGA7TOO MGA7-32-OK MGA8-64-OK

MGA8 x86_64 with Plasma and Intel AX200 for WiFi 6 chip
Installing it over wpa_supplicant-2.9-8.mga8 using QA Repo. Success.
WiFi runs well, connects correctly to a WPA2 protected Wireless Network.
Link is stable.

and

MGA7 x86_64 with Plasma and Intel 8260 WiFi 5 chip
Installing it over wpa_supplicant-2.9-1.3.mga7 using QA Repo. Success.
WiFi runs well, connects correctly to a WPA2 protected Wireless Network.
Link is stable.

Advisory:
========================

Updated wpa_supplicant packages fix security vulnerability:

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range (CVE-2021-27803).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
https://bugs.mageia.org/show_bug.cgi?id=28438
https://www.openwall.com/lists/oss-security/2021/02/27/1
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
========================

Updated packages in core/updates_testing:
========================
wpa_supplicant-2.9-1.4.mga7
wpa_supplicant-gui-2.9-1.4.mga7
wpa_supplicant-2.9-8.1.mga8
wpa_supplicant-gui-2.9-8.1.mga8

from SRPMS:
wpa_supplicant-2.9-1.4.mga7
wpa_supplicant-2.9-8.1.mga8

Advisory committed to SVN.

Keywords:
(none) =>
advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0095.html

Status:
NEW =>
RESOLVED

Ubuntu has issued an advisory for this on March 3:
https://ubuntu.com/security/notices/USN-4757-1