[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1462-1] wpa security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : wpa
Version        : 2.3-1+deb8u6
CVE ID         : CVE-2018-14526
Debian Bug     : 905739

The following vulnerability was discovered in wpa_supplicant.

CVE-2018-14526:
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
| through 2.6. Under certain conditions, the integrity of EAPOL-Key
| messages is not checked, leading to a decryption oracle. An attacker
| within range of the Access Point and client can abuse the
| vulnerability to recover sensitive information.

For Debian 8 "Jessie", this problem has been fixed in version
2.3-1+deb8u6.

We recommend that you upgrade your wpa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS.

- -- 
Andrej Shadura

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAltsIDoACgkQXkCM2RzY
OdKJTAf/ZqPuoLp3XimL5YpOLnWuIw6+8MjlzFnA9o0YVzIv2C/QSQOK5OaboJdS
9Jp6i8lABpcjfmrFxuTLSzndpNISwSm1qfj3KU+VZ5ClXVyJ1zO8G6rodaSRWPx1
S5lK4V75RyFKmnC+yPx0i7c3JBuTQfMX/78diwo+lwOKxehAPcV7rEgh9vtIXIw+
DRHm7JBqYhppToLunhDPtwjKgjfaB/UPEcMvZzql78YtJPS+17ZEOzURQrXa11nA
gt54IS3HjoDNI5rJrgXJJ0vSeRB/pfT+dbZGfyomkfbj6oTZ6MSBXjBJBkSrCpyk
5WXpCas6fwby3HOv/XzVhwaD0MrEUQ==
=SOXx
-----END PGP SIGNATURE-----


Reply to: