File _patchinfo of Package patchinfo.8913

<patchinfo incident="8913">
  <issue tracker="bnc" id="1104205">VUL-1: CVE-2018-14526: wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant</issue>
  <issue tracker="bnc" id="1109209">wpa_supplicant: Lacking support for PWD as EAP method</issue>
  <issue tracker="cve" id="2018-14526"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>kbabioch</packager>
  <description>This update for wpa_supplicant fixes the following issues:

This security issue was fixed:

- CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages
  was not checked, leading to a decryption oracle. An attacker within range of
  the Access Point and client could have abused the vulnerability to recover
  sensitive information (bsc#1104205).

This non-security issue was fixed:

- Enabled PWD as EAP method. This allows for password-based authentication,
  which is easier to set up than most of the other methods, and is used by the
  Eduroam network (bsc#1109209).
</description>
  <summary>Security update for wpa_supplicant</summary>
</patchinfo>