Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 30: FEDORA-2019-28d3ca93d2 moderate: hostapd EAP-pwd Security Fix

fedora
Calendar Grey June 6, 2019
Dist Fedora Esm H88
The latest release of hostapd 2.8 features a critical patch addressing the EAP-pwd NULL pointer vulnerability. Ensure your system is upgraded promptly to bolster security.
Update to version 2.8 from upstream, Security fix for [CVE-2019-11555]

Summary

hostapd is a user space daemon for access point and authentication servers. It

implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP

Authenticators and RADIUS authentication server.

hostapd is designed to be a "daemon" program that runs in the back-ground and

acts as the backend component controlling authentication. hostapd supports

separate frontend programs and an example text-based frontend, hostapd_cli, is

included with hostapd.

Update to version 2.8 from upstream, Security fix for [CVE-2019-11555]

* Wed May 15 2019 John W. Linville - 2.8-1

- Update to version 2.8 from upstream

- Drop obsoleted patches

* Fri Apr 12 2019 John W. Linville - 2.7-2

- Bump N-V-R for rebuild

* Fri Apr 12 2019 John W. Linville - 2.7-1

- Update to version 2.7 from upstream

- Remove obsolete patches for NL80211_ATTR_SMPS_MODE encoding and KRACK

- Fix CVE-2019-9494 (cache attack against SAE)

- Fix CVE-2019-9495 (cache attack against EAP-pwd)

- Fix CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)

- Fix CVE-2019-9497 (EAP-pwd server not checking for reflection attack)

- Fix CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)

- Fix CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

[ 1 ] Bug #1703417 - CVE-2019-11555 wpa_supplicant: NULL pointer dereference due to improper fragmentation reassembly state validation in EAP-pwd implementation

https://bugzilla.redhat.com/show_bug.cgi?id=1703417

su -c 'dnf upgrade --advisory FEDORA-2019-28d3ca93d2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora DoS NULL pointer hostapd authenticator EAP

Change Log

References

Update Instructions

Product: Fedora 30
Version: 2.8
Release: 1.fc30
URL: http://w1.fi/hostapd/
Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

Topics%20covered

Topics Covered

security advisory Fedora DoS NULL pointer hostapd authenticator EAP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here