Upstream has issued advisories on April 10 and August 7: https://w1.fi/security/2019-1/sae-side-channel-attacks.txt https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt SAE is enabled in Mageia 7's wpa_supplicant, but not Mageia 6's, and not in hostapd. Brainpool curves are not supported in Mageia 6's OpenSSL either. Also, according to the advisories, the default runtime configuration is not vulnerable, so this one probably isn't a big deal. I've updated Mageia 7's hostapd as well, just to match wpa_supplicant. Updated packages: wpa_supplicant-2.9-1.mga7 wpa_supplicant-gui-2.9-1.mga7 hostapd-2.9-1.mga7 from SRPMS: wpa_supplicant-2.9-1.mga7.src.rpm hostapd-2.9-1.mga7.src.rpm
When started with systemctl, my connection starts and works and then fails a few tens os second later. In logs : -- The unit wpa_supplicant.service has entered the 'failed' state with result 'timeout'. When started manually, it works ok (and stay in foreground) # INTERFACES="" # DRIVERS="" # OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf" # /usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS Would -B parameter be missing on ExecStart lne in wpa_supplicant.service file ? Regards # cat /usr/lib/systemd/system/wpa_supplicant.service [Unit] Description=WPA Supplicant daemon Before=network.target After=syslog.target [Service] Type=dbus BusName=fi.epitest.hostap.WPASupplicant EnvironmentFile=-/etc/sysconfig/wpa_supplicant ExecStart=/usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid $INTERFACES $DRIVERS $OTHER_ARGS [Install] WantedBy=multi-user.target Alias=dbus-fi.epitest.hostap.WPASupplicant.service [root@uranus etc]# more /etc/sysconfig/wpa_supplicant # Use the flag "-i" before each of your interfaces, like so: # INTERFACES="-ieth1 -iwlan0" INTERFACES="" # Use the flag "-D" before each driver, like so: # DRIVERS="-Dwext" DRIVERS="" # Other arguments # -P Write pid file to /run/wpa_supplicant.pid # required to return proper codes by init scripts (e.g. double "start" action) # -B to daemonize that has to be used together with -P is already in wpa_supplicant.init.d OTHER_ARGS=" -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant.conf"
CC: (none) => boulshet
CC: (none) => tmb
i forgot to mention that i am running Cauldron.
Fixed in 2.9.2 by wally
Thanks. Updated packages: wpa_supplicant-2.9-1.1.mga7 wpa_supplicant-gui-2.9-1.1.mga7 hostapd-2.9-1.mga7 from SRPMS: wpa_supplicant-2.9-1.1.mga7.src.rpm hostapd-2.9-1.mga7.src.rpm
Created attachment 11253 [details] wpa_supplicant: version, services, hardware Tested with Mga7, networkmanager and plasma-applet-nm, mode WPA2-PSK, IPv4 and IPv6 connected and working ok. Ulrich
CC: (none) => bequimao.de
Whiteboard: (none) => MGA7-64-OK
Ubuntu has issued an advisory on August 14: https://usn.ubuntu.com/4098-1/ It adds a new CVE for the issues fixed in 2.9.
Summary: wpa_supplicant new security issue CVE-2019-9494 => wpa_supplicant new security issues CVE-2019-9494 and CVE-2019-13377
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0229.html
Status: NEW => RESOLVEDResolution: (none) => FIXED