Was wpa_supplicant CVE-2018-14526 fixed in 10.4-p11?

Miroslav Lachman 000.fbsd at quip.cz
Mon Aug 27 22:20:49 UTC 2018


Running pkg audit FreeBSD-10.4_11 gives me one vulnerability:

# pkg audit FreeBSD-10.4_11
FreeBSD-10.4_11 is vulnerable:
wpa_supplicant -- unauthenticated encrypted EAPOL-Key data
CVE: CVE-2018-14526
WWW: 
https://vuxml.FreeBSD.org/freebsd/6bedc863-9fbe-11e8-945f-206a8a720317.html

1 problem(s) in the installed packages found.

But information on the page shows it was fixed in 10.4-p10:

Affected packages
wpa_supplicant 	< 	2.6_2
FreeBSD 	<= 	10.4_10
FreeBSD 	<= 	11.2_1

So... was it really fixed? Is there incorrect info in VuXML database 
file or on the web page?

Kind regards
Miroslav Lachman


More information about the freebsd-security mailing list