[solved] wpasupplicant possibly bears security problem

Started by michaa7, 2015/04/23, 19:36:28

Previous topic - Next topic
Print
Go Down Pages1
User actions

michaa7

2015/04/23, 19:36:28 Last Edit: 2015/04/26, 19:09:57 by musca
There is a warning (german only) about wpasupplicant being vulnerable ***if*** compiled with Build-Option CONFIG_P2P .

Does anyone have a clue how to find out whether or not this is the case with the current Debian version
Quoteapt-cache policy wpasupplicant
wpasupplicant:
  Installiert:           2.3-1

Until there is a new version, you (1) may patch and recompile your own package using Debian sources or you  (2) may disable  "p2p_disabled" in your  wpa_supplicant.conf  by setting it to "1". (Debian name may be slighly differnet).

As this is related to security I think it is ok to post it here in this section.

EDIT:

On my system I found only "/etc/dbus-1/system.d/wpa_supplicant.conf" without any reference to "p2p_disabled".

So this warning may be unnecessary .
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

musca

#1
2015/04/24, 17:57:04
Hello micha,

a fixed wpasupplicant 2.3-2 package is pending in incoming:
* import "P2P: Validate SSID element length before copying it
  (CVE-2015-1863)" from upstream (Closes: #783148).


greetings
musca
,,Es irrt der Mensch, solang er strebt."  (Goethe, Faust)
Print
Go Up Pages1
User actions