Format: 1.8
Date: Tue, 30 Apr 2024 22:45:18 +0000
Source: wpa
Architecture: source
Version: 2:2.10-12+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian wpasupplicant Maintainers
Changed-By: Bastien Roucariès
Closes: 1064061
Changes:
 wpa (2:2.10-12+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload on behalf of the Security Team.
   * Fix CVE-2023-52160 (Closes: #1064061):
     The implementation of PEAP in wpa_supplicant allows
     authentication bypass. For a successful attack,
     wpa_supplicant must be configured to not verify
     the network's TLS certificate during Phase 1
     authentication, and an eap_peap_decrypt vulnerability
     can then be abused to skip Phase 2 authentication.
     The attack vector is sending an EAP-TLV Success packet
     instead of starting Phase 2. This allows an adversary
     to impersonate Enterprise Wi-Fi networks.
Checksums-Sha1:
 e3319110478beb692f3f4b897c41f73c576cf3f0 2736 wpa_2.10-12+deb12u1.dsc
 8f5daa6109db1cd60ff3c330e2466c0c529152b9 90076 wpa_2.10-12+deb12u1.debian.tar.xz
 9c584c35951e254fe3fd9fb567b3990e7100a18f 15130 wpa_2.10-12+deb12u1_amd64.buildinfo
Checksums-Sha256:
 cc8c43409941e6d7c01cc33a3900f61ee7f55a0e27fd9a1580f782ea30f62a8b 2736 wpa_2.10-12+deb12u1.dsc
 e43db1ae2c7aa9b181101506960aa3fbbd41c7633a9574ed91b35bbb7c488b9f 90076 wpa_2.10-12+deb12u1.debian.tar.xz
 58aec782dfc2c2456773d0ccaac9550f4bfe8722cc57d409331dc9c877c098df 15130 wpa_2.10-12+deb12u1_amd64.buildinfo
Files:
 f53e83ad5935109514976193a05c0002 2736 net optional wpa_2.10-12+deb12u1.dsc
 c607a1c57bc2b3e701404455e2d3244e 90076 net optional wpa_2.10-12+deb12u1.debian.tar.xz
 b5bf877ecfbdde56311c35ce6b98036f 15130 net optional wpa_2.10-12+deb12u1_amd64.buildinfo