Media coverage: https://thehackernews.com/2024/02/new-wi-fi-vulnerabilities-expose.html Description of problem: WPA_SUPPLICANT < 2.11 suffers from CVE-2023-52160 Short: wpa_supplicant fails to/does not verify enterprise-grade-wifi network certs, so those networks can be cloned and user redirected into an attacker created net. CVE got fixed via backport in F40, but is open in F38 and F39.
FEDORA-2024-36d2be00d0 (wpa_supplicant-2.10-7.fc38) has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-36d2be00d0
FEDORA-2024-a95bdde55b (wpa_supplicant-2.10-9.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-a95bdde55b
FEDORA-2024-a95bdde55b has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-a95bdde55b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-a95bdde55b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-36d2be00d0 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-36d2be00d0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-36d2be00d0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-a95bdde55b (wpa_supplicant-2.10-9.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-36d2be00d0 (wpa_supplicant-2.10-7.fc38) has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.