iHUEARYIAB0WIQS9fIzo5cOslDRPrg+TiY1To8lzAQUCZrJ9mwAKCRCTiY1To8lz
AQ/XAQDLOXyTxnLFjWg5wtAHyTVTJidaOQwe2WpG2imOtgusJQEAjGLtBQJZA5K7
jRNCchUMDH8deeznMFCvuqNLEziLswU=
=6BKZ
-----END PGP SIGNATURE-----
========================================================================== Ubuntu Security Notice USN-6945-1 August 06, 2024 wpa vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: wpa_supplicant could be made to run programs as an administrator with specially crafted configuration file. Software Description: - wpa: client support for WPA and WPA2 Details: Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS wpasupplicant 2:2.10-21ubuntu0.1 Ubuntu 22.04 LTS wpasupplicant 2:2.10-6ubuntu2.1 Ubuntu 20.04 LTS wpasupplicant 2:2.9-1ubuntu4.4 Ubuntu 18.04 LTS wpasupplicant 2:2.6-15ubuntu2.8+esm1 Ubuntu 16.04 LTS wpasupplicant 2.4-0ubuntu6.8+esm1 Ubuntu 14.04 LTS wpasupplicant 2.1-0ubuntu1.7+esm5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6945-1 CVE-2024-5290, https://launchpad.net/bugs/2067613 Package Information: https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1 https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1 https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4 https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1 https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1 https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5
No comments:
Post a Comment