A vulnerability (CVE-2021-27803) yakaonekwa muwpa_supplicant package, inoshandiswa kubatanidza kune isina waya network mune akawanda Linux, *BSD uye Android kugovera, iyo inogona kushandiswa kuita kurwisa kodhi kana ichigadzira yakanyatso gadzirwa Wi-Fi. Yakananga kudzora mafuremu (Wi-Fi P2P). Kuti aite kurwisa, anorwisa anofanira kunge ari mukati meiyo network isina waya kuti atumire seti yakanyatso gadzirwa yemafuremu kune akabatwa.
Dambudziko rinokonzerwa nebug muWi-Fi P2P mubato, nekuda kwekuti kugadzirisa kweiyo PDR (Provision Discovery Chikumbiro) furemu isina kurongeka inogona kutungamira kune iyo mamiriro ekuti rekodhi nezve yekare P2P peer ichabviswa uye iyo ruzivo ruchanyorwa kune yakatosunungurwa memory block (shandisa -after-yemahara). Iyo nyaya inobata wpa_supplicant inoburitsa 1.0 kuburikidza ne2.9, yakabatanidzwa neCONFIG_P2P sarudzo.
Kusagadzikana kunogadziriswa mukuburitswa kwewpa_supplicant 2.10. Mukugovera, hotfix update yakadhindwa yeFedora Linux. Mamiriro ekuburitswa kwezvigadziriso nezvimwe zvinogoverwa zvinogona kuteverwa pamapeji: Debian, Ubuntu, RHEL, SUSE, Arch Linux. Sechishandiso chekuvharisa kusazvibata, ingodzima rutsigiro rweP2P nekutsanangura "p2p_disabled=1" muzvirongwa kana kumhanyisa "P2P_SET yakaremara 1" kuraira muCLI interface.
Source: opennet.ru