Moderate: wpa_supplicant security update

2024-04-3000:00:00

errata.almalinux.org

wpa_supplicant

802.1x

wep

wpa

wpa2

authentication

cve-2023-52160

security fix

cvss score

almalinux

release notes

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

35.7%

JSON

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

wpa_supplicant: potential authorization bypass (CVE-2023-52160)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9ppc64lewpa_supplicant< 2.10-5.el9wpa_supplicant-2.10-5.el9.ppc64le.rpm
almalinux9s390xwpa_supplicant< 2.10-5.el9wpa_supplicant-2.10-5.el9.s390x.rpm
almalinux9aarch64wpa_supplicant< 2.10-5.el9wpa_supplicant-2.10-5.el9.aarch64.rpm
almalinux9x86_64wpa_supplicant< 2.10-5.el9wpa_supplicant-2.10-5.el9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	ppc64le	wpa_supplicant	< 2.10-5.el9	wpa_supplicant-2.10-5.el9.ppc64le.rpm
almalinux	9	s390x	wpa_supplicant	< 2.10-5.el9	wpa_supplicant-2.10-5.el9.s390x.rpm
almalinux	9	aarch64	wpa_supplicant	< 2.10-5.el9	wpa_supplicant-2.10-5.el9.aarch64.rpm
almalinux	9	x86_64	wpa_supplicant	< 2.10-5.el9	wpa_supplicant-2.10-5.el9.x86_64.rpm