Upstream has issued an advisory today (August 8):
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt

Patches are available in the same directory and it will be fixed in 2.7.

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
Assignee: bugsquad => tmb
CC: (none) => marja11
Fedora has issued an advisory for this today (August 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PEFP3OPDXRDJ2KHPPUJVDHUNXFNZFN7Q/
Done for Cauldron! For mga6 can I sync it with Cauldron one to switch the gui to Qt5?
CC: (none) => geiger.david68210
(In reply to David GEIGER from comment #3)
> Done for Cauldron!

Thanks.

> For mga6 can I sync it with Cauldron one to switch the gui to Qt5?

Go ahead.
So done also for mga6 adding the patch and porting the gui to Qt5!
Advisory:
========================

Updated wpa_supplicant packages fix security vulnerability:

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information (CVE-2018-14526).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PEFP3OPDXRDJ2KHPPUJVDHUNXFNZFN7Q/
========================

Updated packages in core/updates_testing:
========================
wpa_supplicant-2.6-1.2.mga6
wpa_supplicant-gui-2.6-1.2.mga6

from wpa_supplicant-2.6-1.2.mga6.src.rpm
CC: (none) => tmb
Whiteboard: MGA6TOO => (none)
Assignee: tmb => qa-bugs
Version: Cauldron => 6
Works here on x86_64
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory
works on 32bit too, validating
Keywords: (none) => validated_update
Whiteboard: MGA6-64-OK => mga6-64-ok, mga6-32-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0348.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED