CVEs have been assigned for the latest upstream advisory:
The upstream advisory is here:
Patches to fix the issue are in that same directory, and it will be fixed in 2.6.
We are not vulnerable in our default configuration, as update_config=1 is commented out in /etc/wpa_supplicant.conf.
Our hostapd package is not vulnerable at all as CONFIG_WPS is not enabled in our build.
Assigning to maintainer (tmb)
Patched packages uploaded for Mageia 5 and Cauldron.
Updated wpa_suppliant packages fix security vulnerabilities:
A vulnerability was found in how wpa_supplicant writes the configuration file
update for the WPA/WPA2 passphrase parameter. If this parameter has been
updated to include control characters either through a WPS operation
(CVE-2016-4476) or through local configuration change over the wpa_supplicant
control interface (CVE-2016-4477), the resulting configuration file may prevent
the wpa_supplicant from starting when the updated file is used. In addition, it
may be possible to load a local library file and execute code from there with
the same privileges under which the wpa_supplicant process runs.
Updated packages in core/updates_testing:
Linksys WRT54G router, 32-bit system with BCM4318 wifi, already updated to the 4.4.9 kernel. Update installed cleanly, no issues.
Rebooted into the 4.4.9 kernel, no issues noted. Secured wifi connection came up cleanly, did some browsing with Firefox 38.
Rebooted into the 4.1.15 kernel, no issues noted. Secured wifi connection came up cleanly, did some browsing with Firefox 38.
Testing complete mga5 64 with wpa2
has_procedure MGA5-32-OK =>
has_procedure MGA5-32-OK mga5-64-ok
has_procedure MGA5-32-OK mga5-64-ok =>
has_procedure advisory MGA5-32-OK mga5-64-okCC:
An update for this issue has been pushed to the Mageia Updates repository.