Linux Security
Linux Security
Linux Security

Debian: DSA-3397-1: wpa security update

Date 10 Nov 2015
228
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in wpa_supplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems:

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3397-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                     Salvatore Bonaccorso
November 10, 2015                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wpa
CVE ID         : CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144
                 CVE-2015-4145 CVE-2015-4146 CVE-2015-5310 CVE-2015-5314
                 CVE-2015-5315 CVE-2015-5316 CVE-2015-8041
Debian Bug     : 787371 787372 787373 795740 804707 804708 804710

Several vulnerabilities have been discovered in wpa_supplicant and
hostapd. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2015-4141

    Kostya Kortchinsky of the Google Security Team discovered a
    vulnerability in the WPS UPnP function with HTTP chunked transfer
    encoding which may result in a denial of service.

CVE-2015-4142

    Kostya Kortchinsky of the Google Security Team discovered a
    vulnerability in the WMM Action frame processing which may result in
    a denial of service.

CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146

    Kostya Kortchinsky of the Google Security Team discovered that
    EAP-pwd payload is not properly validated which may result in a
    denial of service.

CVE-2015-5310

    Jouni Malinen discovered a flaw in the WMM Sleep Mode Response frame
    processing. A remote attacker can take advantage of this flaw to
    mount a denial of service.

CVE-2015-5314 CVE-2015-5315

    Jouni Malinen discovered a flaw in the handling of EAP-pwd messages
    which may result in a denial of service.

CVE-2015-5316

    Jouni Malinen discovered a flaw in the handling of EAP-pwd Confirm
    messages which may result in a denial of service.

CVE-2015-8041

    Incomplete WPS and P2P NFC NDEF record payload length validation may
    result in a denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.0-3+deb7u3. The oldstable distribution (wheezy) is only
affected by CVE-2015-4141, CVE-2015-4142, CVE-2015-4143 and
CVE-2015-8041.

For the stable distribution (jessie), these problems have been fixed in
version 2.3-1+deb8u3.

We recommend that you upgrade your wpa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.