[SECURITY] [DLA 2572-1] wpa security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2572-1] wpa security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 20 Feb 2021 12:01:24 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2102201157130.16583@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2572-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 20, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : wpa
Version        : 2:2.4-1+deb9u8
CVE ID         : CVE-2021-0326

An issue has been found in wpa, a set of tools to support WPA and WPA2(IEEE 802.11i).Missing validation of data can result in a buffer over-write, which mightlead to a DoS of the wpa_supplicant process or potentially arbitrary codeexecution.

On request, together with this upload support for WPA-EAP-SUITE-B(-192)has been enabled.



For Debian 9 stretch, this problem has been fixed in version
2:2.4-1+deb9u8.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmAw+hRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeQfA/8CG6+NDI7NMY7gP3Icmz3MMFEoE2S3pfp0HFnbc008bUbuaiNPuC7NF2W
Lf5mdO2BCcezBzh3RkSuXh4E5gMnXY/KTSGmVI431GOucAbQzqDMp2z5jNO7WBlg
jHkh+Q+pHdx5IlBVw5D6ar1FsP7J9G8Nr7f9YIN64nzvmTd/c/phD+1oSkGv7B9x
qIHMCNNYvkU/PiyENAMSKDGhI7xXsFVXGpmnJligZCtUYqTZ72modjpERmRORafn
vRvdKeWaw/DIPxHODKlWIDtGmGuDFoT2uZs8P2K+Q+JC9d79Y/rM/pGT8VezCCUl
l+/Z5yOayFIXL1pt2IkfUWi60Q20+Lq12/fxMxot8V5zA60N0F7GXkS0KjcoIxHC
OI+iPTOeRzW9n5LHaOd+N1r702WoFd3+zLmamxNhRdCGkWm/CoDllyFM8GUHzQhm
hpeOCSc3maeD0rmrSV5eAQfIcF2fEy+01QRDUgOb+/9MkX54d8qzy8ur5ie3gIjj
fzm3f47ut6hQhoIll9Z/CLSW4JeNpv4dTNZLrZAxuV9m1UNLOz/o+rBUqYOuZw3v
kyfha8Xh9X6w1Rh7u1YLrRTZIRDC6t0keGWAFyTT6hrWZ4LdYwUFdoCv+ApO9Hk/
/cs6eJJWYWyqsEC/WXECKO8k+oaJP9my2TF8N+G82rCEAwnY7R0=
=1Owv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2571-1] openvswitch security update
Next by Date: [SECURITY] [DLA 2573-1] libzstd security update
Previous by thread: [SECURITY] [DLA 2571-1] openvswitch security update
Next by thread: [SECURITY] [DLA 2573-1] libzstd security update
Index(es):
- Date
- Thread