On Fri, Oct 10, 2014 at 6:57 AM, Sébastien Marie
<semarie-open...@latrappe.fr> wrote:
> Hi David,
>
> You may have already be advertised, but in case... the current version
> of wpa_supplicant in openbsd-ports may be vulnerable to a remote command
> execution.
>
> The vulnerability description is here:
> http://w1.fi/security/2014-1/wpacli-action-scripts.txt
>
> The vulnerability on v2.2 is triggeable if some configuration options
> are enable (CONFIG_P2P or CONFIG_WNM or CONFIG_HS20 or CONFIG_WPS), but
> I don't see any of them in current build (files/config). So I don't sure
> if the version in ports is vulnerable or not.
>
> Thanks.
> --
> Sébastien Marie
I'll send an update to wpa_supplicant-2.3 later this day.
Thanks!
David
--
"If you try a few times and give up, you'll never get there. But if
you keep at it... There's a lot of problems in the world which can
really be solved by applying two or three times the persistence that
other people will."
-- Stewart Nelson
