An updated wpa_supplicant package that fixes two security issues and adds one enhancement is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code. (CVE-2015-1863)

An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash. (CVE-2015-4142)

Red Hat would like to thank Jouni Malinen of the wpa_supplicant upstream for reporting the CVE-2015-1863 issue. Upstream acknowledges Alibaba security team as the original reporter.

This update also adds the following enhancement:

* Prior to this update, wpa_supplicant did not provide a way to require the host name to be listed in an X.509 certificate's Common Name or Subject Alternative Name, and only allowed host name suffix or subject substring checks. This update introduces a new configuration directive, 'domain_match', which adds a full host name check. (BZ#1178263)

All wpa_supplicant users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add this enhancement. After installing this update, the wpa_supplicant service will be restarted automatically.
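The enhancement above distinguishes a subject substring check, a host name suffix check and the new full host name check. The following added example (not Red Hat's or wpa_supplicant's code) is a simplified model of the three checks run over constructed certificates; the function names, the SAN-then-CN fallback and the sample names are assumptions made for illustration.

```python
# Simplified model of the three server-identity checks the advisory names.
# Not wpa_supplicant code: function names and certificates are constructed.

def _norm(name):
    return name.lower().rstrip(".")

def cert_hostnames(cert):
    # Assumption: use dNSName SAN entries, else fall back to the Common Name.
    return [_norm(n) for n in (cert["san_dns"] or [cert["cn"]])]

def subject_substring_check(cert, needle):
    # Passes if the configured text occurs anywhere in the subject string.
    return needle in cert["subject"]

def suffix_check(cert, domain):
    # Passes if a certificate host name ends with `domain`, label by label.
    want = _norm(domain).split(".")
    return any(n.split(".")[-len(want):] == want for n in cert_hostnames(cert))

def full_match_check(cert, hostname):
    # Passes only if a certificate host name equals the configured host name.
    return _norm(hostname) in cert_hostnames(cert)

# Constructed sample certificates (reserved example domains).
RADIUS = {"subject": "/O=Example/CN=radius.example.com",
          "cn": "radius.example.com", "san_dns": ["radius.example.com"]}
SAME_DOMAIN = {"subject": "/O=Example/CN=printer.example.com",
               "cn": "printer.example.com", "san_dns": ["printer.example.com"]}
LOOKALIKE = {"subject": "/O=Other/CN=radius.example.com.lookalike.test",
             "cn": "radius.example.com.lookalike.test", "san_dns": []}

def evaluate(cert):
    # Run all three checks against the same intended server identity.
    return {
        "substring": subject_substring_check(cert, "CN=radius.example.com"),
        "suffix": suffix_check(cert, "example.com"),
        "full": full_match_check(cert, "radius.example.com"),
    }

if __name__ == "__main__":
    for label, cert in [("radius", RADIUS), ("same domain", SAME_DOMAIN),
                        ("lookalike", LOOKALIKE)]:
        print(f"{label:12} {evaluate(cert)}")
```

Only the full host name check rejects both the certificate for a different host in the same domain and the certificate whose subject merely contains the expected name.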
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
wpa_supplicant-2.0-17.el7_1.src.rpm

x86_64:
wpa_supplicant-2.0-17.el7_1.x86_64.rpm
wpa_supplicant-debuginfo-2.0-17.el7_1.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
wpa_supplicant-2.0-17.el7_1.src.rpm

x86_64:
wpa_supplicant-2.0-17.el7_1.x86_64.rpm
wpa_supplicant-debuginfo-2.0-17.el7_1.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
wpa_supplicant-2.0-17.el7_1.src.rpm

PPC:
wpa_supplicant-2.0-17.el7_1.ppc64.rpm
wpa_supplicant-debuginfo-2.0-17.el7_1.ppc64.rpm

s390x:
wpa_supplicant-2.0-17.el7_1.s390x.rpm
wpa_supplicant-debuginfo-2.0-17.el7_1.s390x.rpm

x86_64:
wpa_supplicant-2.0-17.el7_1.x86_64.rpm
wpa_supplicant-debuginfo-2.0-17.el7_1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
wpa_supplicant-2.0-17.el7_1.src.rpm

x86_64:
wpa_supplicant-2.0-17.el7_1.x86_64.rpm
wpa_supplicant-debuginfo-2.0-17.el7_1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1178263 – wpa_supplicant: add support for non-substring server identity check [rhel-7]
1211191 – CVE-2015-1863 wpa_supplicant: P2P SSID processing vulnerability
1221178 – CVE-2015-4142 wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
