Security update for wpa_supplicant SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0716-1 Final 1 1 2022-03-04T08:44:47Z current 2022-03-04T08:44:47Z 2022-03-04T08:44:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wpa_supplicant This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container rancher/elemental-teal-rt/5.3:latest-2022-716,Container rancher/elemental-teal-rt/5.4:latest-2022-716,Container rancher/elemental-teal/5.3:latest-2022-716,Container rancher/elemental-teal/5.4:latest-2022-716,Container suse/sle-micro-rancher/5.3:latest-2022-716,Container suse/sle-micro-rancher/5.4:latest-2022-716,Image SLES15-SP4-Micro-5-3-2022-716,Image SLES15-SP4-Micro-5-3-Azure-2022-716,Image SLES15-SP4-Micro-5-3-BYOS-2022-716,Image SLES15-SP4-Micro-5-3-BYOS-Azure-2022-716,Image SLES15-SP4-Micro-5-3-BYOS-EC2-2022-716,Image SLES15-SP4-Micro-5-3-BYOS-GCE-2022-716,Image SLES15-SP4-Micro-5-3-EC2-2022-716,Image SLES15-SP4-Micro-5-3-GCE-2022-716,Image SLES15-SP4-Micro-5-4-2022-716,Image SLES15-SP4-Micro-5-4-Azure-2022-716,Image SLES15-SP4-Micro-5-4-BYOS-2022-716,Image SLES15-SP4-Micro-5-4-BYOS-Azure-2022-716,Image SLES15-SP4-Micro-5-4-BYOS-EC2-2022-716,Image SLES15-SP4-Micro-5-4-BYOS-GCE-2022-716,Image SLES15-SP4-Micro-5-4-EC2-2022-716,Image SLES15-SP4-Micro-5-4-GCE-2022-716,SUSE-2022-716,SUSE-SLE-Module-Basesystem-15-SP3-2022-716,SUSE-SLE-Module-Basesystem-15-SP4-2022-716,SUSE-SLE-Product-HPC-15-2022-716,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-716,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-716,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-716,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-716,SUSE-SLE-Product-RT-15-SP2-2022-716,SUSE-SLE-Product-SLES-15-2022-716,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-716,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-716,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-716,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-716,SUSE-SLE-Product-SLES_SAP-15-2022-716,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-716,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-716,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-716,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-716,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-716,SUSE-SUSE-MicroOS-5.0-2022-716,SUSE-SUSE-MicroOS-5.1-2022-716,SUSE-Storage-6-2022-716,SUSE-Storage-7-2022-716 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220716-1/ Link for SUSE-SU-2022:0716-1 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010363.html E-Mail link for SUSE-SU-2022:0716-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194732 SUSE Bug 1194732 https://bugzilla.suse.com/1194733 SUSE Bug 1194733 https://www.suse.com/security/cve/CVE-2022-23303/ SUSE CVE CVE-2022-23303 page https://www.suse.com/security/cve/CVE-2022-23304/ SUSE CVE CVE-2022-23304 page Container rancher/elemental-teal-rt/5.3:latest Container rancher/elemental-teal-rt/5.4:latest Container rancher/elemental-teal/5.3:latest Container rancher/elemental-teal/5.4:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Image SLES15-SP4-Micro-5-3 Image SLES15-SP4-Micro-5-3-Azure Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-3-BYOS-EC2 Image SLES15-SP4-Micro-5-3-BYOS-GCE Image SLES15-SP4-Micro-5-3-EC2 Image SLES15-SP4-Micro-5-3-GCE Image SLES15-SP4-Micro-5-4 Image SLES15-SP4-Micro-5-4-Azure Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS-EC2 Image SLES15-SP4-Micro-5-4-BYOS-GCE Image SLES15-SP4-Micro-5-4-EC2 Image SLES15-SP4-Micro-5-4-GCE SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 wpa_supplicant-2.9-4.33.1 wpa_supplicant-gui-2.9-4.33.1 wpa_supplicant-2.9-4.33.1 as a component of Container rancher/elemental-teal-rt/5.3:latest wpa_supplicant-2.9-4.33.1 as a component of Container rancher/elemental-teal-rt/5.4:latest wpa_supplicant-2.9-4.33.1 as a component of Container rancher/elemental-teal/5.3:latest wpa_supplicant-2.9-4.33.1 as a component of Container rancher/elemental-teal/5.4:latest wpa_supplicant-2.9-4.33.1 as a component of Container suse/sle-micro-rancher/5.3:latest wpa_supplicant-2.9-4.33.1 as a component of Container suse/sle-micro-rancher/5.4:latest wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3 wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-Azure wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-BYOS wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-BYOS-Azure wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-BYOS-EC2 wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-BYOS-GCE wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-EC2 wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-3-GCE wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4 wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-Azure wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-BYOS wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-BYOS-Azure wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-BYOS-EC2 wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-BYOS-GCE wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-EC2 wpa_supplicant-2.9-4.33.1 as a component of Image SLES15-SP4-Micro-5-4-GCE wpa_supplicant-2.9-4.33.1 as a component of SUSE Enterprise Storage 6 wpa_supplicant-2.9-4.33.1 as a component of SUSE Enterprise Storage 7 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Micro 5.0 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Micro 5.1 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server 15-LTSS wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 wpa_supplicant-2.9-4.33.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 wpa_supplicant-2.9-4.33.1 as a component of SUSE Manager Proxy 4.1 wpa_supplicant-2.9-4.33.1 as a component of SUSE Manager Retail Branch Server 4.1 wpa_supplicant-2.9-4.33.1 as a component of SUSE Manager Server 4.1 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. CVE-2022-23303 Container rancher/elemental-teal-rt/5.3:latest:wpa_supplicant-2.9-4.33.1 Container rancher/elemental-teal-rt/5.4:latest:wpa_supplicant-2.9-4.33.1 Container rancher/elemental-teal/5.3:latest:wpa_supplicant-2.9-4.33.1 Container rancher/elemental-teal/5.4:latest:wpa_supplicant-2.9-4.33.1 Container suse/sle-micro-rancher/5.3:latest:wpa_supplicant-2.9-4.33.1 Container suse/sle-micro-rancher/5.4:latest:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4:wpa_supplicant-2.9-4.33.1 SUSE Enterprise Storage 6:wpa_supplicant-2.9-4.33.1 SUSE Enterprise Storage 7:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Micro 5.0:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Micro 5.1:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Real Time 15 SP2:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP1-BCL:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP1-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP2-BCL:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP2-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server for SAP Applications 15:wpa_supplicant-2.9-4.33.1 SUSE Manager Proxy 4.1:wpa_supplicant-2.9-4.33.1 SUSE Manager Retail Branch Server 4.1:wpa_supplicant-2.9-4.33.1 SUSE Manager Server 4.1:wpa_supplicant-2.9-4.33.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220716-1/ https://www.suse.com/security/cve/CVE-2022-23303.html CVE-2022-23303 https://bugzilla.suse.com/1194732 SUSE Bug 1194732 https://bugzilla.suse.com/1205064 SUSE Bug 1205064 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. CVE-2022-23304 Container rancher/elemental-teal-rt/5.3:latest:wpa_supplicant-2.9-4.33.1 Container rancher/elemental-teal-rt/5.4:latest:wpa_supplicant-2.9-4.33.1 Container rancher/elemental-teal/5.3:latest:wpa_supplicant-2.9-4.33.1 Container rancher/elemental-teal/5.4:latest:wpa_supplicant-2.9-4.33.1 Container suse/sle-micro-rancher/5.3:latest:wpa_supplicant-2.9-4.33.1 Container suse/sle-micro-rancher/5.4:latest:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-BYOS:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-3:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS-Azure:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-BYOS:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-EC2:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4-GCE:wpa_supplicant-2.9-4.33.1 Image SLES15-SP4-Micro-5-4:wpa_supplicant-2.9-4.33.1 SUSE Enterprise Storage 6:wpa_supplicant-2.9-4.33.1 SUSE Enterprise Storage 7:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Micro 5.0:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Micro 5.1:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Real Time 15 SP2:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP1-BCL:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP1-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP2-BCL:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15 SP2-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server 15-LTSS:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:wpa_supplicant-2.9-4.33.1 SUSE Linux Enterprise Server for SAP Applications 15:wpa_supplicant-2.9-4.33.1 SUSE Manager Proxy 4.1:wpa_supplicant-2.9-4.33.1 SUSE Manager Retail Branch Server 4.1:wpa_supplicant-2.9-4.33.1 SUSE Manager Server 4.1:wpa_supplicant-2.9-4.33.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220716-1/ https://www.suse.com/security/cve/CVE-2022-23304.html CVE-2022-23304 https://bugzilla.suse.com/1194733 SUSE Bug 1194733 https://bugzilla.suse.com/1205064 SUSE Bug 1205064