[SECURITY] [DLA 1462-1] wpa security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : wpa
Version : 2.3-1+deb8u6
CVE ID : CVE-2018-14526
Debian Bug : 905739
The following vulnerability was discovered in wpa_supplicant.
CVE-2018-14526:
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
| through 2.6. Under certain conditions, the integrity of EAPOL-Key
| messages is not checked, leading to a decryption oracle. An attacker
| within range of the Access Point and client can abuse the
| vulnerability to recover sensitive information.
For Debian 8 "Jessie", this problem has been fixed in version
2.3-1+deb8u6.
We recommend that you upgrade your wpa packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS.
- --
Andrej Shadura
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAltsIDoACgkQXkCM2RzY
OdKJTAf/ZqPuoLp3XimL5YpOLnWuIw6+8MjlzFnA9o0YVzIv2C/QSQOK5OaboJdS
9Jp6i8lABpcjfmrFxuTLSzndpNISwSm1qfj3KU+VZ5ClXVyJ1zO8G6rodaSRWPx1
S5lK4V75RyFKmnC+yPx0i7c3JBuTQfMX/78diwo+lwOKxehAPcV7rEgh9vtIXIw+
DRHm7JBqYhppToLunhDPtwjKgjfaB/UPEcMvZzql78YtJPS+17ZEOzURQrXa11nA
gt54IS3HjoDNI5rJrgXJJ0vSeRB/pfT+dbZGfyomkfbj6oTZ6MSBXjBJBkSrCpyk
5WXpCas6fwby3HOv/XzVhwaD0MrEUQ==
=SOXx
-----END PGP SIGNATURE-----
Reply to: