seduction
 Language:
Welcome, Guest. Please login or register.
Did you miss your activation email?
2019/12/06, 21:19:18


Help

Author [EN] [PL] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: [solved] wpasupplicant possibly bears security problem  (Read 813 times)

0 Members and 1 Guest are viewing this topic.

Offline michaa7

  • User
  • Posts: 2.126
There is a warning (german only) about wpasupplicant being vulnerable ***if*** compiled with Build-Option CONFIG_P2P .

Does anyone have a clue how to find out whether or not this is the case with the current Debian version
Quote
apt-cache policy wpasupplicant
wpasupplicant:
  Installiert:           2.3-1

Until there is a new version, you (1) may patch and recompile your own package using Debian sources or you  (2) may disable  "p2p_disabled" in your  wpa_supplicant.conf  by setting it to "1". (Debian name may be slighly differnet).

As this is related to security I think it is ok to post it here in this section.
 
EDIT:

On my system I found only "/etc/dbus-1/system.d/wpa_supplicant.conf" without any reference to "p2p_disabled".

So this warning may be unnecessary .
« Last Edit: 2015/04/26, 19:09:57 by musca »
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

Offline musca

  • Global Moderator
  • User
  • *****
  • Posts: 725
  • sid, fly high!
Re: wpasupplicant: there might be a security problem
« Reply #1 on: 2015/04/24, 17:57:04 »
Hello micha,

a fixed wpasupplicant 2.3-2 package is pending in incoming:
* import "P2P: Validate SSID element length before copying it
  (CVE-2015-1863)" from upstream (Closes: #783148).


greetings
musca
„Es irrt der Mensch, solang er strebt.“  (Goethe, Faust)