You are here
Home > Preporuke > Sigurnosni nedostatak programskih paketa wpa_supplicant i hostapd

Sigurnosni nedostatak programskih paketa wpa_supplicant i hostapd

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3969-1
May 07, 2019

wpa vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

wpa_supplicant and hostapd could be made to crash if they received
specially crafted network traffic.

Software Description:
– wpa: client support for WPA and WPA2

Details:

It was discovered that wpa_supplicant and hostapd incorrectly handled
unexpected fragments when using EAP-pwd. A remote attacker could possibly
use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
hostapd 2:2.6-21ubuntu3.1
wpasupplicant 2:2.6-21ubuntu3.1

Ubuntu 18.10:
hostapd 2:2.6-18ubuntu1.2
wpasupplicant 2:2.6-18ubuntu1.2

Ubuntu 18.04 LTS:
hostapd 2:2.6-15ubuntu2.3
wpasupplicant 2:2.6-15ubuntu2.3

Ubuntu 16.04 LTS:
hostapd 2.4-0ubuntu6.5
wpasupplicant 2.4-0ubuntu6.5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3969-1
CVE-2019-11555

Package Information:
https://launchpad.net/ubuntu/+source/wpa/2:2.6-21ubuntu3.1
https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.2
https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.3
https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.5

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzRoX0ACgkQZWnYVadE
vpOR1A/9HMdBijIJGqdwg7wM+Rbcdu+gm65gRngGKvCGANhhsfhPzK8l37pGRQM1
TIPxLHPCfsGCwpQk955Mt/I/DA+O6KRmbjQ3QJEZbzafdOK9ZTcbK32v++Mo7BAh
EJ05rH3pd+FLXSyDLAJpBIbhFfVtZ7jSAm388fQklEuf4lfuwfRoh+Y/K0ztMVsb
Xnz3BPKqI4WSnxp6bSV3JrZDGI6k0B4DJC/eDCIF4nJJNsiUR/8E8hT9O85nR/iI
9O356/eQb3JzXwlAET87KyQQ6o+g16ltJvOrNIJ+vazI5PhUj6gQ+D/hNp4ytdBl
b1SMW6je7GtdgkQA433MmS6eqLhZuHTxh6SA3amrJVJ63j40hgOqyKsUnGx9/bkF
bTk3fL6cLjKN+yhedEmaSJkyHpZuL83gvrB7RrblAlHQ8XUDO4Tazi+LKlv9noOD
hwsb1/XobdUReVUsk4W7px0G2bKc9CPDv3W5483EejH3pWLVg88gySyniQu3WuZS
QeXaOn8Qt8k/WMNELkh/zvtNpK0PuVSdDvaSd8k58fIf3QDFr74wgyRVmUBJbBdg
l3D4ZrzQqKvFVgaFJhHeCPHeYEIObOeE71Az5IFAd75gSMif8n4/VCMioDu8QzCc
mUBhh5SkPbehlp05XMI38N0bu3c1gfnTNsRTcNJ/o/l0BfYSIc8=
=GB/M
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2019-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa flatpak

Otkriven je sigurnosni nedostatak u programskom paketu flatpak za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja...

Close