Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 545
Alerts This Week
Warning Icon 1 545

Debian 8 DSA-3397-1 Critical: WPA DoS in wpa_supplicant and hostapd

debian
Calendar Grey November 10, 2015
Scroller Debian
Important Security Notice DSA-3398-2 targets several vulnerabilities in the kernel package. Follow the guidelines to enhance your system's defenses against potential attacks.
Several vulnerabilities have been discovered in wpa_supplicant and hostapd

Summary

CVE-2015-4141

Kostya Kortchinsky of the Google Security Team discovered a
vulnerability in the WPS UPnP function with HTTP chunked transfer
encoding which may result in a denial of service.

CVE-2015-4142

Kostya Kortchinsky of the Google Security Team discovered a
vulnerability in the WMM Action frame processing which may result in
a denial of service.

CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146

Kostya Kortchinsky of the Google Security Team discovered that
EAP-pwd payload is not properly validated which may result in a
denial of service.

CVE-2015-5310

Jouni Malinen discovered a flaw in the WMM Sleep Mode Response frame
processing. A remote attacker can take advantage of this flaw to
mount a denial of service.

CVE-2015-5314 CVE-2015-5315

Jouni Malinen discovered a flaw in the handling of EAP-pwd messages
which may result in a denial of service.

CVE-2015-5316

Jouni Malinen discovered a flaw in the handling of EAP-pwd Confirm
messa...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: wpa
CVE ID: CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.