Fix CVE-2023-52160 in wpa_supplicant.

2025-01-24 06:52:14 +08:00 · 2024-02-13 21:42:14 -06:00 · 2024-02-13 21:42:14 -06:00 · a0209f04dd
commit a0209f04dd
parent e9c2b05c4b
2 changed files with 22 additions and 0 deletions
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@ -42,6 +42,10 @@
    <listitem>
      <para>February 13th, 2024</para>
      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Fix CVE-2023-52160 in wpa_supplicant. Fixes
+          <ulink url="&blfs-ticket-root;19304">#19304</ulink>.</para>
+        </listitem>
        <listitem>
          <para>[renodr] - Update to mutter-45.4. Fixes
          <ulink url="&blfs-ticket-root;19296">#19296</ulink>.</para>
--- a/networking/netprogs/wpa_supplicant.xml
+++ b/networking/netprogs/wpa_supplicant.xml
@ -72,6 +72,16 @@
      </listitem>
    </itemizedlist>

+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          Required patch:
+          <ulink url="&patch-root;/wpa_supplicant-&wpa_supplicant-version;-security_fix-1.patch"/>
+        </para>
+      </listitem>
+    </itemizedlist>
+
    <bridgehead renderas="sect3">WPA Supplicant Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required (Runtime)</bridgehead>
@ -164,6 +174,14 @@ CONFIG_CTRL_IFACE_DBUS_NEW=y
 CONFIG_CTRL_IFACE_DBUS_INTRO=y</literal>
 EOF</userinput></screen>

+    <para>
+      Next, patch a security vulnerability that occurs when connecting to some
+      networks:
+      <!-- CVE-2023-52160, see Ticket #19304. -->
+    </para>
+
+<screen><userinput>patch -Np1 -i ../wpa_supplicant-&wpa_supplicant-version;-security_fix-1.patch</userinput></screen>
+
    <para>
      Install <application>WPA Supplicant</application> by running the
      following commands: