ALAS2-2021-1624


Amazon Linux 2 Security Advisory: ALAS-2021-1624
Advisory Release Date: 2021-03-25 18:31 Pacific
Advisory Updated Date: 2021-03-25 20:51 Pacific
Severity: Important
References: CVE-2021-27803 

Issue Overview:

A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-27803 )


Affected Packages:

wpa_supplicant


Issue Correction:
Run yum update wpa_supplicant to update your system.

New Packages:
aarch64:
    wpa_supplicant-2.6-12.amzn2.2.1.aarch64
    wpa_supplicant-debuginfo-2.6-12.amzn2.2.1.aarch64

i686:
    wpa_supplicant-2.6-12.amzn2.2.1.i686
    wpa_supplicant-debuginfo-2.6-12.amzn2.2.1.i686

src:
    wpa_supplicant-2.6-12.amzn2.2.1.src

x86_64:
    wpa_supplicant-2.6-12.amzn2.2.1.x86_64
    wpa_supplicant-debuginfo-2.6-12.amzn2.2.1.x86_64