Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5739-1

Debian Linux Security Advisory 5739-1 - user able to escalate to the netdev group can load arbitrary shared object files in the context of the wpa_supplicant process running as root.

Packet Storm
#linux#debian

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-5739-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2024 https://www.debian.org/security/faq


Package : wpa
CVE ID : CVE-2024-5290

Rory McNamara reported a local privilege escalation in wpasupplicant: A
user able to escalate to the netdev group can load arbitrary shared
object files in the context of the wpa_supplicant process running as
root.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2:2.9.0-21+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 2:2.10-12+deb12u2.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaygRlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QyKQ/+N0r1EUAN88sgtYvXYVc7h9EN1vZ0hvE6LGKfJDYyOGw+nXzDZWNwXBG5
uzzKo/aR1hBoJQTHTb47A7xXuHvHQjjbt0l+n2q3WtmhG+QcSLSy1iFk5JwDQ6AD
4U10+Hwfet0Lw13Qjd5ASXbEG70GYJ6bMPaP2C0O9vwEqpiyZRKhHuzbvS7FE0By
Hz1aiS41wT3K2qAtXnDINAZGlAWuINz6eV3HubI/FUZ2DqpAky9xeP66WZ9EGDl9
YZqz+o7ezzvruHSztOl0oC0m/8igytN1E6qaRiSk1TmwcLLBxqTO4q4maSIbqEjT
M43Gr23njg2NO11EnAi6j/9tsBsuNY3v1nKZgPl9EsWTicUYwi7YJVEwsTGnX5JB
910YbmzdXOWAUmkgeG6/m2oFFmuIZpS9cFjBr8NxVc1+nJZQCi7T7bxSADphLv5P
1hfymG/Y6Xmbxjl54vU+jzB14oLNJxOwdqNH+9gvHRZFRlMWrQAlNVKLT3MEsbSp
9PrFELAgmwprsMpihqW6EERCBST8MevAvEQkbcewZYA72RNOkjuZQZ/3SzMHnIqt
Yy2GU2tmqNJTvyGzF6k0r9No9ZrEvFByxTytoZ48skad55kz1dJY0PJ3AHgM9jE0
VzGh9i6vTrOCIhcEYPY6DhZK3tT0suV/hLdnDtT9GVQANeantwk=
=nPu+
-----END PGP SIGNATURE-----

Related news

Ubuntu Security Notice USN-6945-1

Ubuntu Security Notice 6945-1 - Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.

Packet Storm: Latest News

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download