{"schema_version":"1.7.2","id":"OESA-2024-2142","modified":"2024-09-14T11:09:08Z","published":"2024-09-14T11:09:08Z","upstream":["CVE-2024-5290"],"summary":"wpa_supplicant security update","details":"wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.\n\nSecurity Fix(es):\n\nAn issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\n\n\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.(CVE-2024-5290)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"wpa_supplicant","purl":"pkg:rpm/openEuler/wpa_supplicant\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-7.oe2403"}]}],"ecosystem_specific":{"aarch64":["wpa_supplicant-2.10-7.oe2403.aarch64.rpm","wpa_supplicant-debuginfo-2.10-7.oe2403.aarch64.rpm","wpa_supplicant-debugsource-2.10-7.oe2403.aarch64.rpm","wpa_supplicant-gui-2.10-7.oe2403.aarch64.rpm","wpa_supplicant-help-2.10-7.oe2403.aarch64.rpm"],"src":["wpa_supplicant-2.10-7.oe2403.src.rpm"],"x86_64":["wpa_supplicant-2.10-7.oe2403.x86_64.rpm","wpa_supplicant-debuginfo-2.10-7.oe2403.x86_64.rpm","wpa_supplicant-debugsource-2.10-7.oe2403.x86_64.rpm","wpa_supplicant-gui-2.10-7.oe2403.x86_64.rpm","wpa_supplicant-help-2.10-7.oe2403.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"wpa_supplicant","purl":"pkg:rpm/openEuler/wpa_supplicant\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-32.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["wpa_supplicant-2.6-32.oe2203sp4.aarch64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2203sp4.aarch64.rpm","wpa_supplicant-debugsource-2.6-32.oe2203sp4.aarch64.rpm","wpa_supplicant-gui-2.6-32.oe2203sp4.aarch64.rpm","wpa_supplicant-help-2.6-32.oe2203sp4.aarch64.rpm"],"src":["wpa_supplicant-2.6-32.oe2203sp4.src.rpm"],"x86_64":["wpa_supplicant-2.6-32.oe2203sp4.x86_64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2203sp4.x86_64.rpm","wpa_supplicant-debugsource-2.6-32.oe2203sp4.x86_64.rpm","wpa_supplicant-gui-2.6-32.oe2203sp4.x86_64.rpm","wpa_supplicant-help-2.6-32.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"wpa_supplicant","purl":"pkg:rpm/openEuler/wpa_supplicant\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-32.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["wpa_supplicant-2.6-32.oe2203sp3.aarch64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2203sp3.aarch64.rpm","wpa_supplicant-debugsource-2.6-32.oe2203sp3.aarch64.rpm","wpa_supplicant-gui-2.6-32.oe2203sp3.aarch64.rpm","wpa_supplicant-help-2.6-32.oe2203sp3.aarch64.rpm"],"src":["wpa_supplicant-2.6-32.oe2203sp3.src.rpm"],"x86_64":["wpa_supplicant-2.6-32.oe2203sp3.x86_64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2203sp3.x86_64.rpm","wpa_supplicant-debugsource-2.6-32.oe2203sp3.x86_64.rpm","wpa_supplicant-gui-2.6-32.oe2203sp3.x86_64.rpm","wpa_supplicant-help-2.6-32.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"wpa_supplicant","purl":"pkg:rpm/openEuler/wpa_supplicant\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-32.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["wpa_supplicant-2.6-32.oe2003sp4.aarch64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2003sp4.aarch64.rpm","wpa_supplicant-debugsource-2.6-32.oe2003sp4.aarch64.rpm","wpa_supplicant-gui-2.6-32.oe2003sp4.aarch64.rpm","wpa_supplicant-help-2.6-32.oe2003sp4.aarch64.rpm"],"src":["wpa_supplicant-2.6-32.oe2003sp4.src.rpm"],"x86_64":["wpa_supplicant-2.6-32.oe2003sp4.x86_64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2003sp4.x86_64.rpm","wpa_supplicant-debugsource-2.6-32.oe2003sp4.x86_64.rpm","wpa_supplicant-gui-2.6-32.oe2003sp4.x86_64.rpm","wpa_supplicant-help-2.6-32.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"wpa_supplicant","purl":"pkg:rpm/openEuler/wpa_supplicant\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-32.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["wpa_supplicant-2.6-32.oe2203sp1.aarch64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2203sp1.aarch64.rpm","wpa_supplicant-debugsource-2.6-32.oe2203sp1.aarch64.rpm","wpa_supplicant-gui-2.6-32.oe2203sp1.aarch64.rpm","wpa_supplicant-help-2.6-32.oe2203sp1.aarch64.rpm"],"src":["wpa_supplicant-2.6-32.oe2203sp1.src.rpm"],"x86_64":["wpa_supplicant-2.6-32.oe2203sp1.x86_64.rpm","wpa_supplicant-debuginfo-2.6-32.oe2203sp1.x86_64.rpm","wpa_supplicant-debugsource-2.6-32.oe2203sp1.x86_64.rpm","wpa_supplicant-gui-2.6-32.oe2203sp1.x86_64.rpm","wpa_supplicant-help-2.6-32.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2142"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5290"}],"database_specific":{"severity":"High"}}