Security update for wpa_supplicant SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0764-2 Final 1 1 2024-03-05T12:46:33Z current 2024-03-05T12:46:33Z 2024-03-05T12:46:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wpa_supplicant This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest-2024-764,Container suse/sle-micro/5.5:latest-2024-764,Container suse/sle-micro/base-5.5:latest-2024-764,Container suse/sle-micro/kvm-5.5:latest-2024-764,Container suse/sle-micro/rt-5.5:latest-2024-764,Image SLES15-SP5-Manager-Proxy-5-0-BYOS-2024-764,Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure-2024-764,Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2-2024-764,Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE-2024-764,Image SLES15-SP5-Manager-Server-5-0-2024-764,Image SLES15-SP5-Manager-Server-5-0-Azure-llc-2024-764,Image SLES15-SP5-Manager-Server-5-0-Azure-ltd-2024-764,Image SLES15-SP5-Manager-Server-5-0-BYOS-2024-764,Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure-2024-764,Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2-2024-764,Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE-2024-764,Image SLES15-SP5-Manager-Server-5-0-EC2-llc-2024-764,Image SLES15-SP5-Manager-Server-5-0-EC2-ltd-2024-764,Image SLES15-SP5-Micro-5-5-2024-764,Image SLES15-SP5-Micro-5-5-Azure-2024-764,Image SLES15-SP5-Micro-5-5-BYOS-2024-764,Image SLES15-SP5-Micro-5-5-BYOS-Azure-2024-764,Image SLES15-SP5-Micro-5-5-BYOS-EC2-2024-764,Image SLES15-SP5-Micro-5-5-BYOS-GCE-2024-764,Image SLES15-SP5-Micro-5-5-EC2-2024-764,Image SLES15-SP5-Micro-5-5-GCE-2024-764,SUSE-2024-764,SUSE-SLE-Micro-5.5-2024-764 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240764-2/ Link for SUSE-SU-2024:0764-2 https://lists.suse.com/pipermail/sle-updates/2024-August/036513.html E-Mail link for SUSE-SU-2024:0764-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1219975 SUSE Bug 1219975 https://www.suse.com/security/cve/CVE-2023-52160/ SUSE CVE CVE-2023-52160 page Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container suse/sle-micro/5.5:latest Container suse/sle-micro/base-5.5:latest Container suse/sle-micro/kvm-5.5:latest Container suse/sle-micro/rt-5.5:latest Image SLES15-SP5-Manager-Proxy-5-0-BYOS Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2 Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE Image SLES15-SP5-Manager-Server-5-0 Image SLES15-SP5-Manager-Server-5-0-Azure-llc Image SLES15-SP5-Manager-Server-5-0-Azure-ltd Image SLES15-SP5-Manager-Server-5-0-BYOS Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2 Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE Image SLES15-SP5-Manager-Server-5-0-EC2-llc Image SLES15-SP5-Manager-Server-5-0-EC2-ltd Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Image SLES15-SP5-Micro-5-5-BYOS Image SLES15-SP5-Micro-5-5-BYOS-Azure Image SLES15-SP5-Micro-5-5-BYOS-EC2 Image SLES15-SP5-Micro-5-5-BYOS-GCE Image SLES15-SP5-Micro-5-5-EC2 Image SLES15-SP5-Micro-5-5-GCE SUSE Linux Enterprise Micro 5.5 wpa_supplicant-2.10-150500.3.3.1 wpa_supplicant-gui-2.10-150500.3.3.1 wpa_supplicant-2.10-150500.3.3.1 as a component of Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest wpa_supplicant-2.10-150500.3.3.1 as a component of Container suse/sle-micro/5.5:latest wpa_supplicant-2.10-150500.3.3.1 as a component of Container suse/sle-micro/base-5.5:latest wpa_supplicant-2.10-150500.3.3.1 as a component of Container suse/sle-micro/kvm-5.5:latest wpa_supplicant-2.10-150500.3.3.1 as a component of Container suse/sle-micro/rt-5.5:latest wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Proxy-5-0-BYOS wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2 wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0 wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-Azure-llc wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-Azure-ltd wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-BYOS wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2 wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-EC2-llc wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Manager-Server-5-0-EC2-ltd wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5 wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-Azure wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-Azure wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-EC2 wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-GCE wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-EC2 wpa_supplicant-2.10-150500.3.3.1 as a component of Image SLES15-SP5-Micro-5-5-GCE wpa_supplicant-2.10-150500.3.3.1 as a component of SUSE Linux Enterprise Micro 5.5 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. CVE-2023-52160 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:wpa_supplicant-2.10-150500.3.3.1 Container suse/sle-micro/5.5:latest:wpa_supplicant-2.10-150500.3.3.1 Container suse/sle-micro/base-5.5:latest:wpa_supplicant-2.10-150500.3.3.1 Container suse/sle-micro/kvm-5.5:latest:wpa_supplicant-2.10-150500.3.3.1 Container suse/sle-micro/rt-5.5:latest:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Proxy-5-0-BYOS:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-Azure-llc:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-Azure-ltd:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-BYOS:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-EC2-llc:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0-EC2-ltd:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Manager-Server-5-0:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-Azure:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-BYOS-Azure:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-BYOS-EC2:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-BYOS-GCE:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-BYOS:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-EC2:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5-GCE:wpa_supplicant-2.10-150500.3.3.1 Image SLES15-SP5-Micro-5-5:wpa_supplicant-2.10-150500.3.3.1 SUSE Linux Enterprise Micro 5.5:wpa_supplicant-2.10-150500.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240764-2/ https://www.suse.com/security/cve/CVE-2023-52160.html CVE-2023-52160 https://bugzilla.suse.com/1219975 SUSE Bug 1219975