|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:3480-1)|
|Summary:||The remote host is missing an update for the 'wpa_supplicant' package(s) announced via the SUSE-SU-2018:3480-1 advisory.|
This update for wpa_supplicant provides the following fixes:
This security issue was fixed:
CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key
messages was not checked, leading to a decryption oracle. An attacker
within range of the Access Point and client could have abused the
vulnerability to recover sensitive information (bsc#1104205)
These non-security issues were fixed:
Fix reading private key passwords from the configuration file.
Enable PWD as an EAP method. This allows for password-based authentication,
which is easier to set up than most of the other methods, and is used by
the Eduroam network. (bsc#1109209)
Compile the eapol_test binary to allow testing via RADIUS proxy and server
(note: this does not match CONFIG_EAPOL_TEST, which sets -Werror and
activates an assert call inside the code of wpa_supplicant).
Enable timestamps in the log file when invoked by the systemd service.
Fix the default file permissions of the debug log file to saner
values, i.e. it is no longer world-readable (bsc#1098854).
Open the debug log file with O_CLOEXEC, which will prevent file
descriptor leaking to child processes (bsc#1098854).
'wpa_supplicant' package(s) on SUSE Linux Enterprise Module for Basesystem 15
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-14526|
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|