RHSA-2021:0809 - Security Advisory

Overview
Updated Packages

Synopsis

Important: wpa_supplicant security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64

Fixes

BZ - 1933361 - CVE-2021-27803 wpa_supplicant: Use-after-free in P2P provision discovery processing

CVEs

CVE-2021-27803

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
x86_64
wpa_supplicant-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 72b26a2fa06c3a55778ced88bcf81596262e1c0eb584025ee8b07622fd6e9943
wpa_supplicant-debuginfo-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 8be73294c808321de3046a28cac44e0e0cd78ab708810237f4e96b87625856de
wpa_supplicant-debugsource-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 16086f4d9b6e23562d0bb8e2973a52fdc1ca7296a22844ae69ae915e3d022e61

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
x86_64
wpa_supplicant-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 72b26a2fa06c3a55778ced88bcf81596262e1c0eb584025ee8b07622fd6e9943
wpa_supplicant-debuginfo-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 8be73294c808321de3046a28cac44e0e0cd78ab708810237f4e96b87625856de
wpa_supplicant-debugsource-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 16086f4d9b6e23562d0bb8e2973a52fdc1ca7296a22844ae69ae915e3d022e61

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
x86_64
wpa_supplicant-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 72b26a2fa06c3a55778ced88bcf81596262e1c0eb584025ee8b07622fd6e9943
wpa_supplicant-debuginfo-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 8be73294c808321de3046a28cac44e0e0cd78ab708810237f4e96b87625856de
wpa_supplicant-debugsource-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 16086f4d9b6e23562d0bb8e2973a52fdc1ca7296a22844ae69ae915e3d022e61

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
s390x
wpa_supplicant-2.9-2.el8_3.1.s390x.rpm	SHA-256: 0e26996bbc1bc463a836c2982ac2787b89433b84dd0947bf2651cad6cd723f28
wpa_supplicant-debuginfo-2.9-2.el8_3.1.s390x.rpm	SHA-256: 374b1f0a1c75934d4fa982cb0e08e4a3d2ac6647b81803ddceb5fb5152483f2d
wpa_supplicant-debugsource-2.9-2.el8_3.1.s390x.rpm	SHA-256: eaa75a627047099b89955e381eabce7b44483b8aa020f12efa904847141bfd33

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
s390x
wpa_supplicant-2.9-2.el8_3.1.s390x.rpm	SHA-256: 0e26996bbc1bc463a836c2982ac2787b89433b84dd0947bf2651cad6cd723f28
wpa_supplicant-debuginfo-2.9-2.el8_3.1.s390x.rpm	SHA-256: 374b1f0a1c75934d4fa982cb0e08e4a3d2ac6647b81803ddceb5fb5152483f2d
wpa_supplicant-debugsource-2.9-2.el8_3.1.s390x.rpm	SHA-256: eaa75a627047099b89955e381eabce7b44483b8aa020f12efa904847141bfd33

Red Hat Enterprise Linux for Power, little endian 8

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
ppc64le
wpa_supplicant-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 9e3a684ad5affbe267a3e7323923421ae0ac1f0d54dd2c785d7497d489120b93
wpa_supplicant-debuginfo-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 7fbfa6d5e60f8e85b3184e184c6ba15075ef4e55658466dc495c06d011f6c709
wpa_supplicant-debugsource-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 5ff8f1bc43c2dd50b533fbb3a8af0dd7582e6ecc6958c988e7c6995c53ffd22a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
ppc64le
wpa_supplicant-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 9e3a684ad5affbe267a3e7323923421ae0ac1f0d54dd2c785d7497d489120b93
wpa_supplicant-debuginfo-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 7fbfa6d5e60f8e85b3184e184c6ba15075ef4e55658466dc495c06d011f6c709
wpa_supplicant-debugsource-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 5ff8f1bc43c2dd50b533fbb3a8af0dd7582e6ecc6958c988e7c6995c53ffd22a

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
x86_64
wpa_supplicant-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 72b26a2fa06c3a55778ced88bcf81596262e1c0eb584025ee8b07622fd6e9943
wpa_supplicant-debuginfo-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 8be73294c808321de3046a28cac44e0e0cd78ab708810237f4e96b87625856de
wpa_supplicant-debugsource-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 16086f4d9b6e23562d0bb8e2973a52fdc1ca7296a22844ae69ae915e3d022e61

Red Hat Enterprise Linux for ARM 64 8

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
aarch64
wpa_supplicant-2.9-2.el8_3.1.aarch64.rpm	SHA-256: e1b1a389839b558e92e041c680fad27d94e4d93a7cd2e03affb0a8dc6729f1eb
wpa_supplicant-debuginfo-2.9-2.el8_3.1.aarch64.rpm	SHA-256: 5be9dc47eb0552f0519ca4754c083aca23d5bc2e60adb7a84fa75ca0f04a8e77
wpa_supplicant-debugsource-2.9-2.el8_3.1.aarch64.rpm	SHA-256: ed1c9bde4e4f2f501a52bffd7652b7c566fac2cbf8b7ad20dba46c8db7919c04

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
aarch64
wpa_supplicant-2.9-2.el8_3.1.aarch64.rpm	SHA-256: e1b1a389839b558e92e041c680fad27d94e4d93a7cd2e03affb0a8dc6729f1eb
wpa_supplicant-debuginfo-2.9-2.el8_3.1.aarch64.rpm	SHA-256: 5be9dc47eb0552f0519ca4754c083aca23d5bc2e60adb7a84fa75ca0f04a8e77
wpa_supplicant-debugsource-2.9-2.el8_3.1.aarch64.rpm	SHA-256: ed1c9bde4e4f2f501a52bffd7652b7c566fac2cbf8b7ad20dba46c8db7919c04

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
ppc64le
wpa_supplicant-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 9e3a684ad5affbe267a3e7323923421ae0ac1f0d54dd2c785d7497d489120b93
wpa_supplicant-debuginfo-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 7fbfa6d5e60f8e85b3184e184c6ba15075ef4e55658466dc495c06d011f6c709
wpa_supplicant-debugsource-2.9-2.el8_3.1.ppc64le.rpm	SHA-256: 5ff8f1bc43c2dd50b533fbb3a8af0dd7582e6ecc6958c988e7c6995c53ffd22a

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
wpa_supplicant-2.9-2.el8_3.1.src.rpm	SHA-256: 9697b0fed28dbbff3011f83ea270fdd22fab08c337b24fae4363ba2d3d7da87d
x86_64
wpa_supplicant-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 72b26a2fa06c3a55778ced88bcf81596262e1c0eb584025ee8b07622fd6e9943
wpa_supplicant-debuginfo-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 8be73294c808321de3046a28cac44e0e0cd78ab708810237f4e96b87625856de
wpa_supplicant-debugsource-2.9-2.el8_3.1.x86_64.rpm	SHA-256: 16086f4d9b6e23562d0bb8e2973a52fdc1ca7296a22844ae69ae915e3d022e61

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.