[USN-6945-1] wpa_supplicant and hostapd vulnerability

Luci Stanescu luci.stanescu at canonical.com
Tue Aug 6 19:46:35 UTC 2024 

==========================================================================
Ubuntu Security Notice USN-6945-1
August 06, 2024

wpa vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

wpa_supplicant could be made to run programs as an administrator with
specially crafted configuration file.

Software Description:
- wpa: client support for WPA and WPA2

Details:

Rory McNamara discovered that wpa_supplicant could be made to load
arbitrary shared objects by unprivileged users that have access to
the control interface. An attacker could use this to escalate privileges
to root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   wpasupplicant                   2:2.10-21ubuntu0.1

Ubuntu 22.04 LTS
   wpasupplicant                   2:2.10-6ubuntu2.1

Ubuntu 20.04 LTS
   wpasupplicant                   2:2.9-1ubuntu4.4

Ubuntu 18.04 LTS
   wpasupplicant                   2:2.6-15ubuntu2.8+esm1

Ubuntu 16.04 LTS
   wpasupplicant                   2.4-0ubuntu6.8+esm1

Ubuntu 14.04 LTS
   wpasupplicant                   2.1-0ubuntu1.7+esm5

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6945-1
   CVE-2024-5290,https://launchpad.net/bugs/2067613

Package Information:
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1
   https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4
   https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1
   https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1
   https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240806/08153a0c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240806/08153a0c/attachment.sig>

More information about the ubuntu-security-announce mailing list