Opened 2 years ago
Closed 2 years ago
#15851 closed enhancement (fixed)
Create patch for CVEs in wpa_supplicant
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
See message on blfs-support titled "wpa_supplicant security patches"
there are a few CVE patches pending for wpa_supplicant but there's no release in sight. This is the list of issues, not sure how serious they are, seems to affect only Access Points and Peer to Peer (Wi-Fi Direct) uses: * 2019-7 AP mode PMF disconnection protection bypass * 2020-1 UPnP SUBSCRIBE misbehavior in hostapd WPS AP * 2020-2 wpa_supplicant P2P group information processing vulnerability * 2021-1 wpa_supplicant P2P provision discovery processing vulnerability
Change History (4)
comment:1 by , 2 years ago
comment:2 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 2 years ago
These CVEs are known as:
CVE-2019-16275
CVE-2020-12695
CVE-2021-0326
CVE-2021-27803
The patches above do not contain fixes for CVE-2021-30004 or CVE-2021-0535 - https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 and https://w1.fi/cgit/hostap/commit/wpa_supplicant/?id=8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55 should fix those right up.
In total, that's 6 CVEs
comment:4 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Patches are located here: