Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in wpa_supplicant
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in wpa_supplicant
ID: USN-7317-1
Distribution: Ubuntu
Plattformen: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10
Datum: Di, 4. März 2025, 07:44
Referenzen: https://www.cve.org/CVERecord?id=CVE-2022-23303
https://www.cve.org/CVERecord?id=CVE-2022-23304
https://www.cve.org/CVERecord?id=CVE-2022-37660
Applikationen: wpa_supplicant

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8529778975456746370==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------7Cwhw858BlEWUVFvCcOe31Dg"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------7Cwhw858BlEWUVFvCcOe31Dg
Content-Type: multipart/mixed;
 boundary="------------jQ9FVPB9gGbXwjKuJFLvrKg6";
 protected-headers="v1"
From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <65ce919e-2454-4c7c-b55e-3d571d59f3e7@canonical.com>
Subject: [USN-7317-1] wpa_supplicant and hostapd vulnerabilities

--------------jQ9FVPB9gGbXwjKuJFLvrKg6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7317-1
March 03, 2025

wpa vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

wpa_supplicant and hostapd could be made to expose sensitive information
over the network.

Software Description:
- wpa: client support for WPA and WPA2

Details:

George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that
wpa_supplicant and hostapd reused encryption elements in the PKEX protocol.
An attacker could possibly use this issue to impersonate a wireless access
point, and obtain sensitive information. (CVE-2022-37660)

Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered
that wpa_supplicant and hostapd were vulnerable to side channel attacks due
to the cache access patterns. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-23303, CVE-2022-23304)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   hostapd                         2:2.10-22ubuntu0.1
   wpasupplicant                   2:2.10-22ubuntu0.1

Ubuntu 24.04 LTS
   hostapd                         2:2.10-21ubuntu0.2
   wpasupplicant                   2:2.10-21ubuntu0.2

Ubuntu 22.04 LTS
   hostapd                         2:2.10-6ubuntu2.2
   wpasupplicant                   2:2.10-6ubuntu2.2

Ubuntu 20.04 LTS
   hostapd                         2:2.9-1ubuntu4.6
   wpasupplicant                   2:2.9-1ubuntu4.6

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7317-1
   CVE-2022-23303, CVE-2022-23304, CVE-2022-37660

Package Information:
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-22ubuntu0.1
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.2
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.2
   https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.6

--------------jQ9FVPB9gGbXwjKuJFLvrKg6--

--------------7Cwhw858BlEWUVFvCcOe31Dg
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmfGTKIFAwAAAAAACgkQyfW2m9Ldu6u9
mRAAnppkT1sc9be4+WeiogX9Ob2/pJzolTbRszuv0CrFto3khq/GwpMbXWpAFB+mehV9szh5d+XU
5QZ3+rqwlq1PFzy3vAtFuf9HikA87ZE0LVrwWoavozrtIyls0QEYpgVX+zJCP9xaB7wwOLrsWg+E
HqrK3syoFEawz7rcmqFW+5pZNClp0DYzKZOqujevm4V4Y9E2ldxy9V3Um6GGdFHFKoNTd76AA8AB
Dl+raXugyOjDujSSz+d3spijr4ZogZMo3IBuQGxamNqRMgzkFzLEjHWx8n2vXv66ZtqmPwFu7y4D
tabrUtf5Q4lKitJEXVd0HD2oV7neeUKXdKEm3mNyjjxi3CoJ7pCmEMMrSA66/xL/ctcHc42cEDra
kcIjlZv/ieqCqj1CD1y+3+nRrsZ2xSVHV0wu5LUZZVJdahbllSDbtmWtwuWEkBZXKCjromJqCE8l
EtmjPmC1KZ2qE5C7gmj0mdEGtMttFsBLy60+zG66I9en+fXG1HkM3iO73D/24ggWsHhN12hYRnut
xSW74cQwem78cSxvdkoga3Qs94xPvn+XNuCJeSXYWEg4MF+0tdswaxs2adBdSoUg0/G1tJzB3LoO
0sy7YTVKPcTiRYBt1qnM0NG0C0HpWrfT3KYBA5b3WwAcMDCXzBtxkcEihbXW4ejqOwcOGSJy/2QF
mSw=
=UVYR
-----END PGP SIGNATURE-----

--------------7Cwhw858BlEWUVFvCcOe31Dg--


--===============8529778975456746370==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============8529778975456746370==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung