An updated wpa_supplicant package that fixes one security issue is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code. (CVE-2014-3686)

Red Hat would like to thank Jouni Malinen for reporting this issue.

All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
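
An added example, not part of the Red Hat advisory: a shell function that checks a host for the exposure condition described above by listing the action script of every running wpa_cli that was started with -a. The function name and the sample command lines are constructed, and the option string in the comments is an assumption about how wpa_cli parses its arguments.

```shell
#!/bin/sh
# Added example, not Red Hat tooling. Reads one command line per row on stdin
# and prints the action script of every wpa_cli started with -a, the exposure
# condition named in the advisory.
# Assumption: wpa_cli's getopt string is "a:Bg:G:hi:p:P:v", so the script can
# appear as "-a FILE", "-aFILE" or clustered ("-Ba FILE"). Command lines are
# split on whitespace, so paths containing spaces are not handled.
wpa_cli_action_scripts() {
    while IFS= read -r cmdline; do
        set -f; set -- $cmdline; set +f       # word-split without globbing
        [ "${1-}" ] || continue
        [ "${1##*/}" = wpa_cli ] || continue
        shift
        while [ $# -gt 0 ]; do
            case "$1" in
                --) break ;;
                -*) opts=${1#-}; shift ;;
                *)  shift; continue ;;        # skip non-option words
            esac
            while [ -n "$opts" ]; do          # walk a cluster such as "Ba"
                rest=${opts#?}; o=${opts%"$rest"}; opts=$rest
                case "$o" in
                    a|g|G|i|p|P)              # options that take an argument
                        if [ -n "$opts" ]; then
                            val=$opts         # attached form: -aFILE
                        else
                            val=${1-}         # separate form: -a FILE
                            if [ $# -gt 0 ]; then shift; fi
                        fi
                        if [ "$o" = a ]; then printf '%s\n' "$val"; fi
                        opts= ;;
                esac
            done
        done
    done
    return 0
}

# Constructed sample input. On a live host: ps -eo args= | wpa_cli_action_scripts
wpa_cli_action_scripts <<'EOF'
/usr/sbin/wpa_cli -B -i wlan0 -a /etc/wpa_action.sh
wpa_cli -Ba/opt/hook.sh -p /var/run/wpa_supplicant
wpa_cli -i wlan0 status
/usr/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
EOF
```

Any path it prints belongs to a wpa_cli instance that runs an action script; hosts with such instances are the ones where applying this update matters most.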
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
wpa_supplicant-2.0-13.el7_0.src.rpm
    MD5: 71c6e1dd7d9107955f7e610d88cca575
    SHA-256: 62cd48e8ebec6a21c655c345d1637b91242b6e7d912836953711be8720f4423c
 
x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
    MD5: 6d3fd314c5e6bf070ddb71ac2165ae6e
    SHA-256: 31a0daf60d6d4f0ec57cfd1d82182615ad2269c9e4d20595eddf33afbf27bcba
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm
    MD5: 579e42357d1fa4a2b530da9207598de6
    SHA-256: 1e93b4ad32d95b5b1ab895b5dd2602eedf4952617d67d28c8446a5e594ff40a5
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
wpa_supplicant-2.0-13.el7_0.src.rpm
    MD5: 71c6e1dd7d9107955f7e610d88cca575
    SHA-256: 62cd48e8ebec6a21c655c345d1637b91242b6e7d912836953711be8720f4423c
 
x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
    MD5: 6d3fd314c5e6bf070ddb71ac2165ae6e
    SHA-256: 31a0daf60d6d4f0ec57cfd1d82182615ad2269c9e4d20595eddf33afbf27bcba
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm
    MD5: 579e42357d1fa4a2b530da9207598de6
    SHA-256: 1e93b4ad32d95b5b1ab895b5dd2602eedf4952617d67d28c8446a5e594ff40a5
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
wpa_supplicant-2.0-13.el7_0.src.rpm
    MD5: 71c6e1dd7d9107955f7e610d88cca575
    SHA-256: 62cd48e8ebec6a21c655c345d1637b91242b6e7d912836953711be8720f4423c
 
PPC:
wpa_supplicant-2.0-13.el7_0.ppc64.rpm
    MD5: 02f3e7be6a963252998de248de18bacf
    SHA-256: 37f7ad832523646e4122f4533b45c1d82677a04d661e5eee479b2410158b2f32
wpa_supplicant-debuginfo-2.0-13.el7_0.ppc64.rpm
    MD5: a95b88431a594db6f8523fc1e0657f12
    SHA-256: 026a2a4b97aae5a52daada9f6e1bcca259ff6d7227a53174d306bcbd1e33940d
 
s390x:
wpa_supplicant-2.0-13.el7_0.s390x.rpm
    MD5: 9d5c100dda738476658b4819dcf10a96
    SHA-256: 60096b1e564ba42a497c7609b6a289fab9f41ee38f3c2ebea7cd913c1ee34a4a
wpa_supplicant-debuginfo-2.0-13.el7_0.s390x.rpm
    MD5: f97259290f1a70b2d271835d0ba718fa
    SHA-256: b8d695f873c5751f458bce32cc5adb5ed747fb056d99c25eff07c97e49c87098
 
x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
    MD5: 6d3fd314c5e6bf070ddb71ac2165ae6e
    SHA-256: 31a0daf60d6d4f0ec57cfd1d82182615ad2269c9e4d20595eddf33afbf27bcba
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm
    MD5: 579e42357d1fa4a2b530da9207598de6
    SHA-256: 1e93b4ad32d95b5b1ab895b5dd2602eedf4952617d67d28c8446a5e594ff40a5
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
wpa_supplicant-2.0-13.el7_0.src.rpm
    MD5: 71c6e1dd7d9107955f7e610d88cca575
    SHA-256: 62cd48e8ebec6a21c655c345d1637b91242b6e7d912836953711be8720f4423c
 
x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
    MD5: 6d3fd314c5e6bf070ddb71ac2165ae6e
    SHA-256: 31a0daf60d6d4f0ec57cfd1d82182615ad2269c9e4d20595eddf33afbf27bcba
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm
    MD5: 579e42357d1fa4a2b530da9207598de6
    SHA-256: 1e93b4ad32d95b5b1ab895b5dd2602eedf4952617d67d28c8446a5e594ff40a5
 
(The unlinked packages above are only available from the Red Hat Network)
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
