Debian Long Term Support / LTS Security Information / 2021 / Security Information -- DLA-2581-1 wpa

Debian Security Advisory

DLA-2581-1 wpa -- LTS security update

Date Reported:

03 Mar 2021

Affected Packages:

wpa

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2021-27803.

More information:

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

For Debian 9 stretch, this problem has been fixed in version 2:2.4-1+deb9u9.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS