Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 663172 (CVE-2018-14526) - <net-wireless/wpa_supplicant-2.6-r10: Unauthenticated EAPOL-Key decryption in wpa_supplicant
Summary: <net-wireless/wpa_supplicant-2.6-r10: Unauthenticated EAPOL-Key decryption in...
Alias: CVE-2018-14526
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Depends on:
Reported: 2018-08-08 16:14 UTC by Hanno Böck
Modified: 2020-03-15 19:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: Yes
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Rick Farina (Zero_Chaos) gentoo-dev 2018-12-05 20:49:05 UTC
wpa_supplicant-2.6-r10 is in the tree with a fix.  I'd also like it stabilized anyway, so I've opened a bug
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-12-07 02:43:45 UTC
x86 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-12-07 12:31:22 UTC
amd64 stable
Comment 4 Matt Turner gentoo-dev 2018-12-07 23:20:37 UTC
ppc/ppc64 stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-12-08 12:11:19 UTC
arm stable
Comment 6 cono 2018-12-09 22:38:22 UTC
I'm having issues with this wpa_supplicant version. No errors in the log, just ping of the gateway stuck for a moment, than recovers by itself, than stuck again (not only ping, like whole connection, just tested by the ping).
Reverting back to 2.6-r6 resolves the problem.

My WIFI: Killer AC-1535

03:00.0 Network controller [0280]: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter [168c:003e] (rev 32)
	Subsystem: Bigfoot Networks, Inc. QCA6174 802.11ac Wireless Network Adapter [1a56:1535]
	Kernel driver in use: ath10k_pci
	Kernel modules: ath10k_pci

Not sure what else I can provide, please suggest.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2018-12-09 23:36:07 UTC
Please file an own bug for your issue.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 02:52:23 UTC
GLSA Vote: No
Arches and Maintainer(s), Thank you for your work.

Maintainer(s), please drop the vulnerable version(s).