Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-260-1 hostapd

Debian Security Advisory

DLA-260-1 hostapd -- LTS security update

Date Reported:

30 Jun 2015

Affected Packages:

hostapd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-4142.

More information:

A vulnerability was found in WMM Action frame processing in a case where hostapd is used to implement AP mode MLME/SME functionality (i.e., Host AP driver of a mac80211-based driver on Linux).

This vulnerability can be used to perform denial of service attacks by an attacker that is within radio range of the AP that uses hostapd for MLME/SME operations.

For Debian 6 Squeeze, this vulnerability has been fixed in version 1:0.6.10-2+squeeze2 of hostapd. We recommend that you upgrade your hostapd package.