Upstream has issued advisories on April 10 and August 7:
SAE is enabled in Mageia 7's wpa_supplicant, but not Mageia 6's, and not in hostapd. Brainpool curves are not supported in Mageia 6's OpenSSL either. Also, according to the advisories, the default runtime configuration is not vulnerable, so this one probably isn't a big deal.
I've updated Mageia 7's hostapd as well, just to match wpa_supplicant.
When started with systemctl, my connection starts and works and then fails a few tens os second later.
In logs :
-- The unit wpa_supplicant.service has entered the 'failed' state with result 'timeout'.
When started manually, it works ok (and stay in foreground)
# OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"
# /usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS
Would -B parameter be missing on ExecStart lne in wpa_supplicant.service file ?
# cat /usr/lib/systemd/system/wpa_supplicant.service
Description=WPA Supplicant daemon
ExecStart=/usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS
[root@uranus etc]# more /etc/sysconfig/wpa_supplicant
# Use the flag "-i" before each of your interfaces, like so:
# INTERFACES="-ieth1 -iwlan0"
# Use the flag "-D" before each driver, like so:
# Other arguments
# -P Write pid file to /run/wpa_supplicant.pid
# required to return proper codes by init scripts (e.g. double "start" action)
# -B to daemonize that has to be used together with -P is already in wpa_supplicant.init.d
OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"
i forgot to mention that i am running Cauldron.
Fixed in 2.9.2 by wally
Created attachment 11253 [details]
wpa_supplicant: version, services, hardware
Tested with Mga7, networkmanager and plasma-applet-nm, mode WPA2-PSK,
IPv4 and IPv6 connected and working ok.
Ubuntu has issued an advisory on August 14:
It adds a new CVE for the issues fixed in 2.9.
wpa_supplicant new security issue CVE-2019-9494 =>
wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377