it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5631-1] iwd security update
- Date: Sun, 25 Feb 2024 10:45:20 +0000
- List-archive: https://lists.debian.org/msgid-search/E1reC0W-004wL7-Cy AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=smBxJUA1OV0lkj8BiuILpkxqTmBUG6XKo1UwCmSwrwQ=; b=jU yXV5i77VyPlUU+SaeKMclTKTPw+EfM8TgqEcyDvvkpKUFDawqNCwfvUezn5AGaF6P5mNGw1s3rP42 ypgiBnD7o1uecYEpC9Aqz/9s+KUJqOSqmnRy1fkPHaXTWtaEPq7z6GPLGV1x1vP5tVRFajN7tWSNr AubMRfYzutF8IzzTMkcfEUrLGEUlFbBEPmRbszrTiNTbh/r4J6mwNZRLnchBwm8QPVLPYcbKxkMce X1GM/CUyMyyPJqt3sooo8Ibv9dGG7/+q8rhtDN5+b0XYuxliGBHNIYdOjSgFdeYowsYhUOKYGLLlU YiJc3U83/6r9Ec9ecE3KuQ+jBd2d5j1Q==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 25 Feb 2024 10:45:49 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <vL_QpdsIxoC.A.-FC.cpx2lB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5631-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : iwd
CVE ID : CVE-2023-52161
Debian Bug : 1064062
It was discovered that iwd, the iNet Wireless Daemon, does not properly
handle messages in the 4-way handshake used when connecting to a
protected WiFi network for the first time. An attacker can take
advantage of this flaw to gain unauthorized access to a protected WiFi
network if iwd is operating in Access Point (AP) mode.
For the oldstable distribution (bullseye), this problem has been fixed
in version 1.14-3+deb11u1.
For the stable distribution (bookworm), this problem has been fixed in
version 2.3-1+deb12u1.
We recommend that you upgrade your iwd packages.
For the detailed security status of iwd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/iwd
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXbGdBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TLGg/9HYY8mbmW8ZU9Kf6v7Bns1D7hNx+6C76koK3nliJ1nTwya7rBBCkBo2TB
1/x0h94k2s4AV5KSrJmP2RsqeGrnF/cTp8cKvdNYTU8QJYZA7q1B29MNQDhxqUYC
O+HsSgm/HZdsNtajnqZi8KpP4wCbx9w5c1DZ2jmHt5z/vfZAn/Y5FOsPW0fZxe6U
GNyoZ0/YwuY9bdH4dvhhsJOZg3B3FtD/DD7IsN0ltY2rFjJmmsQusCrmyDQsNYDY
cH3iobOmHQPQ/QnjtrUQsyZb0M6/49EW38H1F76oc57o8jf4MTMsa68TeSFnBC5O
OZ5MToB5yKiBAT0+J8wClBGI4iLYCkg6VERLT6pc7d+ffX+EshcTV9eAJgUUoeRG
uCNld9M01gRN+i51Gib5YidfMhGQmRb9CMpiF3Ll5rErl/YmQ91GV5W5rBngEpkd
QNedIYpPD/tqf2QxTcAzFyT+C+NgcB/LOI3O8p2rjYFEHl773DJEeHvfbwaTKgdK
rlZUouO2lqadNQXugrLsGDNqhHOuVgxxzBONjZMyDKjfEOlcqjnySWeZ4CArxAri
BVWJ5BbHf50ZLBpo7agcB//u0IH8z31OZwbkNXJfE58gVV0JRuqsfDbn0sIG6CB4
r4I5CNICiubHZDJNwkGOVhdmSFcd5nelmPa45inO2DgxEBAKVdU=
=Pykz
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5631-1] iwd security update, Salvatore Bonaccorso, 25.02.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.