GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Aug 18, 2019 7:26 am Post subject: [ GLSA 201908-25 ] hostapd and wpa_supplicant |
 |
|
Gentoo Linux Security Advisory
Title: hostapd and wpa_supplicant: Denial of Service (GLSA 201908-25)
Severity: normal
Exploitable: remote
Date: 2019-08-18
Bug(s): #685860, #688588
ID: 201908-25
Synopsis
A vulnerability in hostapd and wpa_supplicant could lead to a
Denial of Service condition.
Background
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
802.11i / RSN).
hostapd is a user space daemon for access point and authentication
servers.
Affected Packages
Package: net-wireless/hostapd
Vulnerable: < 2.8
Unaffected: >= 2.8
Architectures: All supported architectures
Package: net-wireless/wpa_supplicant
Vulnerable: < 2.8
Unaffected: >= 2.8
Architectures: All supported architectures
Description
A vulnerability was discovered in hostapd’s and wpa_supplicant’s
eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c files.
Impact
An attacker could cause a possible Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All hostapd users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.8"
|
All wpa_supplicant users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.8"
|
References
CVE-2019-11555 |
|
News & Announcements
