{"id":"MGASA-2016-0199","summary":"Updated wpa_supplicant packages fix security vulnerabilities","details":"Updated wpa_suppliant packages fix security vulnerabilities:\n\nA vulnerability was found in how wpa_supplicant writes the configuration file\nupdate for the WPA/WPA2 passphrase parameter. If this parameter has been\nupdated to include control characters either through a WPS operation\n(CVE-2016-4476) or through local configuration change over the wpa_supplicant\ncontrol interface (CVE-2016-4477), the resulting configuration file may prevent\nthe wpa_supplicant from starting when the updated file is used. In addition, it\nmay be possible to load a local library file and execute code from there with\nthe same privileges under which the wpa_supplicant process runs.\n","modified":"2026-04-16T06:24:10.188206983Z","published":"2016-05-21T22:11:24Z","upstream":["CVE-2016-4476","CVE-2016-4477"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0199.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18335"},{"type":"WEB","url":"http://w1.fi/security/2016-1/psk-parameter-config-update.txt"}],"affected":[{"package":{"name":"wpa_supplicant","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/wpa_supplicant?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3-3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0199.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}