wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SETCRED, or (3) SET_NETWORK command.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "hostapd-dbgsym": "1:2.1-0ubuntu1.5", "wpasupplicant-udeb": "2.1-0ubuntu1.5", "wpagui-dbgsym": "2.1-0ubuntu1.5", "hostapd": "1:2.1-0ubuntu1.5", "wpagui": "2.1-0ubuntu1.5", "wpasupplicant": "2.1-0ubuntu1.5", "wpasupplicant-udeb-dbgsym": "2.1-0ubuntu1.5", "wpasupplicant-dbgsym": "2.1-0ubuntu1.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "hostapd-dbgsym": "1:2.4-0ubuntu6.2", "wpasupplicant-udeb": "2.4-0ubuntu6.2", "wpagui-dbgsym": "2.4-0ubuntu6.2", "hostapd": "1:2.4-0ubuntu6.2", "wpagui": "2.4-0ubuntu6.2", "wpasupplicant": "2.4-0ubuntu6.2", "wpasupplicant-udeb-dbgsym": "2.4-0ubuntu6.2", "wpasupplicant-dbgsym": "2.4-0ubuntu6.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "hostapd-dbgsym": "1:2.4-0ubuntu10", "wpasupplicant-udeb": "2.4-0ubuntu10", "wpagui-dbgsym": "2.4-0ubuntu10", "hostapd": "1:2.4-0ubuntu10", "wpagui": "2.4-0ubuntu10", "wpasupplicant": "2.4-0ubuntu10", "wpasupplicant-dbgsym": "2.4-0ubuntu10" } ] }