Bug 17124 - wpa_supplicant new security issues CVE-2015-531[056], hostapd new security issue CVE-2015-5314
Summary: wpa_supplicant new security issues CVE-2015-531[056], hostapd new security is...
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thomas Backlund
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/664041/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-10 21:07 CET by David Walser
Modified: 2015-11-11 19:50 CET (History)
0 users

See Also:
Source RPM: wpa_supplicant, hostapd
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-11-10 21:07:16 CET 
Upstream has issued advisories today (November 10):
http://openwall.com/lists/oss-security/2015/11/10/9
http://openwall.com/lists/oss-security/2015/11/10/10
http://openwall.com/lists/oss-security/2015/11/10/11

The packages are only vulnerable if the CONFIG_WNM or CONFIG_WPA_PWD options are set in the configuration, which they are not in our packages, so this bug is INVALID.  I'm just filing this so we know it's already been looked into.  Also, we should still update to 2.6 in Cauldron.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-11-10 21:07:39 CET 
Closing as our configurations are not affected.  Please update Cauldron to 2.6.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

David Walser 2015-11-11 19:50:00 CET

URL: (none) => http://lwn.net/Vulnerabilities/664041/
Note You need to log in before you can comment on or make changes to this bug.