Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4450-1] wpa security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4450-1] wpa security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Yves-Alexis Perez <corsac AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4450-1] wpa security update
  • Date: Fri, 24 May 2019 16:29:52 +0200
  • List-archive: https://lists.debian.org/msgid-search/5ce7ffe0.a0082.950a383 AT scapa.corsac.net
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <corsac AT corsac.net>
  • Priority: urgent
  • Resent-date: Fri, 24 May 2019 14:31:04 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <cQ6jXVI3UHM.A.F8B.oAA6cB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4450-1 security AT debian.org
https://www.debian.org/security/ Yves-Alexis Perez
May 24, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2019-11555
Debian Bug : 927463

A vulnerability was found in the WPA protocol implementation found in
wpa_supplication (station) and hostapd (access point).

The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) doesn't properly validate fragmentation reassembly state when receiving
an unexpected fragment. This could lead to a process crash due to a NULL
pointer derefrence.

An attacker in radio range of a station or access point with EAP-pwd support
could cause a crash of the relevant process (wpa_supplicant or hostapd),
ensuring a denial of service.

For the stable distribution (stretch), this problem has been fixed in
version 2:2.4-1+deb9u4.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlzn/TEACgkQ3rYcyPpX
RFspSAf/YMVZvCbELRqK4sZ42zqtP5UCpTx2usFHGakULukrdYOv4Jh9uHjME/VX
WAzY9sNIBGIlTpCW/P3qnIbwQaZLcVlZ9fF4JrepuArBC+Cr8Q3sYmUVoiPUTvTv
Sm9nj0M3A9yDukRSw8gPWPSjk8z1r4J2LMnCwyxNxug3Iqphr7CMdhTvOzowaEk6
hP18tVx4MHhemzag5zKCo7pLCuVxWyJYL9ndEpFuSl1si7EDUIeWkX9gWeLouIAN
zfExE2zUwfgdAzPdH3k4JvYABn7azTp1NgMSlzTTtT9r4yUkg80ilHi5mpeV0oLj
5G4VKNeNRoBOPjNOmOIa1tq6C2rS7g==
=hAb9
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4450-1] wpa security update, Yves-Alexis Perez, 24.05.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang