
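Debian Security Advisory

DSA-4538-1 wpa -- security update

Date Reported:
29 Sep 2019
Affected Packages:
wpa
Vulnerable:
Security database references:
In the Debian bugtracking system: Bug 934180, Bug 940080.
In Mitre's CVE dictionary: CVE-2019-13377, CVE-2019-16275.
More information: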

Two vulnerabilities were found in the WPA protocol implementation in wpa_supplicant (station) and hostapd (access point).

  • CVE-2019-13377

    A timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password.

  • CVE-2019-16275

    Insufficient source address validation for some received Management frames in hostapd could lead to a denial of service for stations associated to an access point. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network.

For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u1.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa