wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote malicious users to cause a man-in-the-middle attack.
w1.fi wpa supplicant 2.0-16