Wed Feb 28 18:36:48 UTC 202420240228183648_15.0

patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz:  Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)

1 files changed, 11 insertions, 0 deletions

diff --git a/patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txt b/patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txt
new file mode 100644
index 000000000..9cf7cea7e
--- /dev/null
+++ b/patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txt
@@ -0,0 +1,11 @@
+wpa_supplicant: wpa_supplicant (WPA/WPA2/IEEE 802.1X Supplicant)
+wpa_supplicant:
+wpa_supplicant: wpa_supplicant is a WPA Supplicant for Linux with support for WPA and
+wpa_supplicant: WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
+wpa_supplicant: component that is used in the client stations. It implements key
+wpa_supplicant: negotiation with a WPA Authenticator and it controls the roaming and
+wpa_supplicant: IEEE 802.11 authentication/association of the wlan driver.
+wpa_supplicant:
+wpa_supplicant: Homepage: http://hostap.epitest.fi/wpa_supplicant/
+wpa_supplicant:
+wpa_supplicant: