Bug 18335 - wpa_supplicant new security issues CVE-2016-4476 and CVE-2016-4477
Summary: wpa_supplicant new security issues CVE-2016-4476 and CVE-2016-4477
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/687592/
Whiteboard: has_procedure advisory MGA5-32-OK mga...
Keywords: validated_update
Depends on:
Reported: 2016-05-03 11:36 CEST by David Walser
Modified: 2016-05-22 00:12 CEST (History)
4 users (show)

See Also:
Source RPM: wpa_supplicant-2.5-3.mga6.src.rpm
Status comment:


Description David Walser 2016-05-03 11:36:55 CEST
CVEs have been assigned for the latest upstream advisory:

The upstream advisory is here:

Patches to fix the issue are in that same directory, and it will be fixed in 2.6.

We are not vulnerable in our default configuration, as update_config=1 is commented out in /etc/wpa_supplicant.conf.

Our hostapd package is not vulnerable at all as CONFIG_WPS is not enabled in our build.
David Walser 2016-05-03 11:37:23 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2016-05-03 12:44:56 CEST
Assigning to maintainer (tmb)

CC: (none) => makowski.mageia, marja11
Assignee: bugsquad => tmb

David Walser 2016-05-17 21:20:11 CEST

URL: (none) => http://lwn.net/Vulnerabilities/687592/

Comment 2 David Walser 2016-05-18 22:48:06 CEST
Patched packages uploaded for Mageia 5 and Cauldron.


Updated wpa_suppliant packages fix security vulnerabilities:

A vulnerability was found in how wpa_supplicant writes the configuration file
update for the WPA/WPA2 passphrase parameter. If this parameter has been
updated to include control characters either through a WPS operation
(CVE-2016-4476) or through local configuration change over the wpa_supplicant
control interface (CVE-2016-4477), the resulting configuration file may prevent
the wpa_supplicant from starting when the updated file is used. In addition, it
may be possible to load a local library file and execute code from there with
the same privileges under which the wpa_supplicant process runs.


Updated packages in core/updates_testing:

from wpa_supplicant-2.3-3.1.mga5.src.rpm

Version: Cauldron => 5
Assignee: tmb => qa-bugs
Whiteboard: MGA5TOO => (none)

Comment 3 Thomas Andrews 2016-05-20 03:46:17 CEST
Linksys  WRT54G router, 32-bit system with BCM4318 wifi, already updated to the 4.4.9 kernel. Update installed cleanly, no issues. 

Rebooted into the 4.4.9 kernel, no issues noted. Secured wifi connection came up cleanly, did some browsing with Firefox 38.

Rebooted into the 4.1.15 kernel, no issues noted. Secured wifi connection came up cleanly, did some browsing with Firefox 38.

CC: (none) => andrewsfarm

claire robinson 2016-05-21 20:47:38 CEST

Whiteboard: (none) => has_procedure MGA5-32-OK

Comment 4 claire robinson 2016-05-21 20:54:24 CEST
Testing complete mga5 64 with wpa2

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK mga5-64-ok

claire robinson 2016-05-21 21:45:54 CEST

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2016-05-22 00:12:17 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.