mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
970e55afb6
patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
15 lines
425 B
Bash
15 lines
425 B
Bash
config() {
|
|
NEW="$1"
|
|
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
|
# If there's no config file by that name, mv it over:
|
|
if [ ! -r $OLD ]; then
|
|
mv $NEW $OLD
|
|
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
|
|
# toss the redundant copy
|
|
rm $NEW
|
|
fi
|
|
# Otherwise, we leave the .new copy for the admin to consider...
|
|
}
|
|
|
|
config etc/wpa_supplicant.conf.new
|
|
config etc/logrotate.d/wpa_supplicant.new
|