Red Hat Security Advisory 2018-3107-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver. Issues addressed include a randomization vulnerability.
772878c69907271485fc4ae9eb4422e12124bf9cca9256df46f49bc8f586bf25
Ubuntu Security Notice 3745-1 - It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access sensitive information.
544772be98eeb905e10b1f1abc38974e25fea0cd0e2bbe666f343bdb81305c59
FreeBSD Security Advisory - When using WPA2, for EAPOL-Key frames with the Encrypted flag set and the MIC flag not set, the data field was decrypted first without verifying the MIC. When the data field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was subsequently processed. This opened wpa_supplicant(8) to abuse by decryption and recovery of sensitive information contained in EAPOL-Key messages. All users of the WPA2 TKIP pairwise cipher are vulnerable to disclosure of information, for example, the group key.
580871e8a4fb8190df6331da035c23fcf242dbb8f22aa1f5688ca63b0ad0891e