openSUSE has issued an advisory on March 17: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/AKJ5RJUGPLMQGVVTYXAB2ZAUDYSCVDB6/ Fix in https://download.opensuse.org/source/tumbleweed/repo/oss/src/wpa_supplicant-2.11-4.1.src.rpm and https://download.opensuse.org/source/tumbleweed/repo/oss/src/hostapd-2.11-2.1.src.rpm
CVE: (none) => CVE-2025-24912Source RPM: (none) => wpa_supplicant-2.11-1.mga9.src.rpm, hostapd-2.11-1.mga9.src.rpmWhiteboard: (none) => MGA9TOOStatus comment: (none) => Patch available from openSUSE
Thank you for the fix URLs. Different packagers commit these SRPMs, so assigning this globally. CC'ing Mike Rambo because you did the latest Hostpad update.
Assignee: bugsquad => pkg-bugsCC: (none) => mhrambo3501
Fixed both Cauldron and mga9!
CC: (none) => geiger.david68210Whiteboard: MGA9TOO => (none)Version: Cauldron => 9
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== wpa_supplicant-2.11-1.1.mga9 wpa_supplicant-gui-2.11-1.1.mga9 From SRPMS: wpa_supplicant-2.11-1.1.mga9.src.rpm
Assignee: pkg-bugs => qa-bugs
Hi, According to openSUSE SRPMS, hostapd also needs to be patched. Best regards, Nico.
Keywords: (none) => feedback
Suggested advisory: ======================== The updated packages fix a security vulnerability: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) References: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/AKJ5RJUGPLMQGVVTYXAB2ZAUDYSCVDB6/ ======================== Updated packages in core/updates_testing: ======================== hostapd-2.11-1.1.mga9 wpa_supplicant-2.11-1.1.mga9 wpa_supplicant-gui-2.11-1.1.mga9 from SRPMS: hostapd-2.11-1.1.mga9.src.rpm wpa_supplicant-2.11-1.1.mga9.src.rpm
Keywords: feedback => (none)Status comment: Patch available from openSUSE => (none)Status: NEW => ASSIGNED
Keywords: (none) => advisory
RH i586 installing wpa_supplicant-2.11-1.1.mga9.i586.rpm from //home/katnatek/qa-testing/i586 Preparing... ####################################################################################### 1/1: wpa_supplicant ####################################################################################### 1/1: removing wpa_supplicant-2.11-1.mga9.i586 ####################################################################################### Reboot Wifi OK
MGA9-64 Plasma Wayland on Compaq H000SB No installation issues. Rebooted after installation and wifi is OK. Now for the hostapd ..... MCC has an item to share the internet connection, I guess that's what this is all about. But the info when opening this says: "Note: you need a dedicated Network Adapter to set up a Local Area Network (LAN). Please disable Mageia Firewall for the network adapter connected to your LAN connection before proceeding." So this could mean I'll have to use my Ethernet connetion to share. I don't have the time right now to delve into this, maybe tomorrow. If someone else can do a successfull test, give the OK then.
CC: (none) => herman.viaene
@Herman: I know next to nothing about hostapd, but you did do a test of it a few years ago. Check bug 25430 comment 11 to see what you did.
CC: (none) => andrewsfarm
RH i586 LC_ALL=C urpmi hostapd installing hostapd-2.11-1.1.mga9.i586.rpm from //home/katnatek/qa-testing/i586 Preparing... ####################################################################################### 1/1: hostapd ####################################################################################### systemctl start hostapd.service systemctl status hostapd.service ● hostapd.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Loaded: loaded (/usr/lib/systemd/system/hostapd.service; disabled; preset: disabled) Active: active (running) since Sat 2025-03-22 17:20:59 CST; 3s ago Process: 8077 ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B (code=exited, status=0/SUC> Main PID: 8089 (hostapd) Tasks: 1 (limit: 4748) Memory: 540.0K CPU: 144ms CGroup: /system.slice/hostapd.service └─8089 /usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B mar 22 17:20:58 cefiro systemd[1]: Starting hostapd.service... mar 22 17:20:59 cefiro hostapd[8077]: wlp1s0: interface state UNINITIALIZED->ENABLED mar 22 17:20:59 cefiro hostapd[8077]: wlp1s0: AP-ENABLED mar 22 17:20:59 cefiro systemd[1]: hostapd.service: Failed to parse PID from file /run/hostapd.pid: Invalid argument mar 22 17:20:59 cefiro hostapd[8089]: wlp1s0: STA 10:50:72:e6:70:20 IEEE 802.11: disassociated mar 22 17:20:59 cefiro systemd[1]: Started hostapd.service. I'm not smart enough to make this works, calling to PC LX
CC: (none) => mageia
# systemctl -l status hostapd ○ hostapd.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Loaded: loaded (/usr/lib/systemd/system/hostapd.service; disabled; preset: disabled) Active: inactive (dead) [root@mach3 ~]# systemctl start hostapd Job for hostapd.service failed because the control process exited with error code. See "systemctl status hostapd.service" and "journalctl -xeu hostapd.service" for details. Changed the /etc/hostapd/hostapd.conf for the line "interface" to wlo1, then # systemctl start hostapd # systemctl -l status hostapd ● hostapd.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Loaded: loaded (/usr/lib/systemd/system/hostapd.service; disabled; preset: disabled) Active: active (running) since Sun 2025-03-23 10:27:14 CET; 5s ago Process: 4462 ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B (code=exited, status=0/SUCCESS) Main PID: 4465 (hostapd) Tasks: 1 (limit: 8806) Memory: 816.0K CPU: 40ms CGroup: /system.slice/hostapd.service └─4465 /usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B Mar 23 10:27:14 mach3.hviaene.thuis systemd[1]: Starting hostapd.service... Mar 23 10:27:14 mach3.hviaene.thuis hostapd[4462]: wlo1: interface state UNINITIALIZED->ENABLED Mar 23 10:27:14 mach3.hviaene.thuis hostapd[4462]: wlo1: AP-ENABLED Mar 23 10:27:14 mach3.hviaene.thuis hostapd[4465]: wlo1: STA 34:31:c4:80:a9:b6 IEEE 802.11: disassociated Mar 23 10:27:14 mach3.hviaene.thuis systemd[1]: hostapd.service: Failed to parse PID from file /run/hostapd.pid: Invalid argument Mar 23 10:27:14 mach3.hviaene.thuis systemd[1]: Started hostapd.service. # hostapd_cli hostapd_cli v2.11 Copyright (c) 2004-2024, Jouni Malinen <j@w1.fi> and contributors This software may be distributed under the terms of the BSD license. See README for more details. Selected interface 'wlo1' Interactive mode > help commands: ping = pings hostapd mib = get MIB variables (dot1x, dot11, radius) relog = reload/truncate debug log output file close_log = disable debug log output file status = show interface status info sta <addr> = get MIB variables for one station all_sta = get MIB variables for all stations list_sta = list all stations new_sta <addr> = add a new station and a load more .... > status state=ENABLED phy=phy0 freq=2412 num_sta_non_erp=0 num_sta_no_short_slot_time=0 num_sta_no_short_preamble=0 olbc=0 num_sta_ht_no_gf=0 num_sta_no_ht=0 num_sta_ht_20_mhz=0 num_sta_ht40_intolerant=0 olbc_ht=0 ht_op_mode=0x0 hw_mode=g cac_time_seconds=0 cac_time_left_seconds=N/A channel=1 edmg_enable=0 edmg_channel=0 secondary_channel=0 ieee80211n=0 ieee80211ac=0 ieee80211ax=0 ieee80211be=0 beacon_int=100 dtim_period=2 supported_rates=02 04 0b 16 0c 12 18 24 30 48 60 6c max_txpower=20 bss[0]=wlo1 bssid[0]=b8:ee:65:09:66:0c ssid[0]=test num_sta[0]=1 > quit
# systemctl stop hostapd leaves the wifi intact, so seems good to go.
Whiteboard: (none) => MGA9-64-OK
Thank you, Herman. Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0113.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED