CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
EPSS: 0.075 Low (Percentile: 94.0%)
CentOS Errata and Security Advisory CESA-2015:1439

The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.

An integer underflow flaw, leading to a buffer over-read, was found in the
way wpa_supplicant handled WMM Action frames. A specially crafted frame
could possibly allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash. (CVE-2015-4142)

This update includes the following enhancement:

All wpa_supplicant users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue and adds this
enhancement. After installing this update, the wpa_supplicant service will
be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-July/028334.html

Affected packages:
wpa_supplicant

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1439

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | wpa_supplicant | < 0.7.3-6.el6 | wpa_supplicant-0.7.3-6.el6.i686.rpm |
CentOS | 6 | x86_64 | wpa_supplicant | < 0.7.3-6.el6 | wpa_supplicant-0.7.3-6.el6.x86_64.rpm |