{"id":"MGASA-2018-0348","summary":"Updated wpa_supplicant packages fix security vulnerability","details":"Updated wpa_supplicant packages fix security vulnerability:\n\nAn issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6.\nUnder certain conditions, the integrity of EAPOL-Key messages is not checked,\nleading to a decryption oracle. An attacker within range of the Access Point\nand client can abuse the vulnerability to recover sensitive information\n(CVE-2018-14526).\n","modified":"2026-04-16T06:22:25.622689753Z","published":"2018-08-19T18:36:49Z","upstream":["CVE-2018-14526"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0348.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23412"},{"type":"WEB","url":"https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PEFP3OPDXRDJ2KHPPUJVDHUNXFNZFN7Q/"}],"affected":[{"package":{"name":"wpa_supplicant","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wpa_supplicant?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0348.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}