Fedora Linux 8782 Published by

A wpa_supplicant security update has been released for Fedora 30 to fix the AP mode PMF disconnection protection bypass problem



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-2bdcccee3c
2019-11-17 01:12:46.786636
--------------------------------------------------------------------------------

Name : wpa_supplicant
Product : Fedora 30
Version : 2.8
Release : 3.fc30
URL : http://w1.fi/wpa_supplicant/
Summary : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2019-16275
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2019 Davide Caratti - 1:2.8-3
- fix AP mode PMF disconnection protection bypass (CVE-2019-16275, rh #1767026)
* Fri May 10 2019 Davide Caratti - 1:2.8-2
- fix changelog for version 2.8-1
* Thu May 2 2019 Davide Caratti - 1:2.8-1
- Update to 2.8 upstream release, to include latest fix for NULL
pointer dereference when EAP-PWD peer receives unexpected EAP
fragments (CVE-2019-11555, rh #1701759)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1767023 - CVE-2019-16275 wpa_supplicant: AP mode PMF disconnection protection bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1767023
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-2bdcccee3c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys