MDVSA-2014:211: wpa_supplicant

Updated wpa_supplicant packages fix security vulnerability:

A vulnerability was found in the mechanism wpa_cli and hostapd_cli use
for executing action scripts. An unsanitized string received from a
remote device can be passed to a system() call resulting in arbitrary
command execution under the privileges of the wpa_cli/hostapd_cli
process (which may be root in common use cases) (CVE-2014-3686).

Using the wpa_supplicant package, systems are exposed to the
vulnerability if operating as a WPS registrar.

Leave a Reply