Package "wpa"
Name: |
wpa
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- client support for WPA and WPA2 (IEEE 802.11i)
|
Latest version: |
2.1-0ubuntu1.7 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "wpa" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
wpa (2.1-0ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/VU-871675/*.patch: backported upstream patches.
- CVE-2019-9495
- CVE-2019-9497
- CVE-2019-9498
- CVE-2019-9499
* SECURITY UPDATE: insecure os_random() fallback
- debian/patches/CVE-2016-10743.patch: Use only os_get_random() for PIN
generation.
- CVE-2016-10743
-- Marc Deslauriers <email address hidden> Tue, 09 Apr 2019 08:28:53 -0400
|
Source diff to previous version |
CVE-2019-9495 |
cache attack against EAP-pwd |
CVE-2019-9497 |
EAP-pwd server not checking for reflection attack |
CVE-2019-9498 |
EAP-pwd server missing commit validation for scalar/element |
CVE-2019-9499 |
EAP-pwd peer missing commit validation for scalar/element |
CVE-2016-10743 |
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. |
|
wpa (2.1-0ubuntu1.6) trusty-security; urgency=medium
* SECURITY UPDATE: Expose sensitive information
- debian/patches/CVE-2018-14526.patch: fix in src/rsn_supp/wpa.c.
- CVE-2018-14526
-- <email address hidden> (Leonidas S. Barbosa) Thu, 09 Aug 2018 14:17:41 -0300
|
Source diff to previous version |
CVE-2018-14526 |
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not che |
|
wpa (2.1-0ubuntu1.5) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple issues in WPA protocol
- debian/patches/2017-1/*.patch: Add patches from Debian jessie
- CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
CVE-2017-13088
* SECURITY UPDATE: Denial of service issues
- debian/patches/2016-1/*.patch: Add patches from Debian jessie
- CVE-2016-4476
- CVE-2016-4477
-- Marc Deslauriers <email address hidden> Mon, 16 Oct 2017 08:20:18 -0400
|
Source diff to previous version |
CVE-2017-1307 |
RESERVED |
CVE-2017-1308 |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have acces |
CVE-2016-4476 |
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attac |
CVE-2016-4477 |
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library |
|
wpa (2.1-0ubuntu1.4) trusty-security; urgency=medium
* SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
- debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
- CVE-2015-5310
* SECURITY UPDATE: EAP-pwd missing last fragment length validation
- debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
validation in src/eap_peer/eap_pwd.c.
- debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
validation in src/eap_server/eap_server_pwd.c.
- CVE-2015-5315
-- Marc Deslauriers Mon, 09 Nov 2015 07:23:28 -0600
|
Source diff to previous version |
CVE-2015-5310 |
wpa_supplicant unauthorized WNM Sleep Mode GTK control |
CVE-2015-5315 |
wpa_supplicant: EAP-pwd missing last fragment length validation |
|
wpa (2.1-0ubuntu1.3) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via WPS UPnP
- debian/patches/CVE-2015-4141.patch: check chunk size in
src/wps/httpread.c.
- CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
- debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
- CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
- debian/patches/CVE-2015-4143-4146.patch: check lengths in
src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
- CVE-2015-4143
- CVE-2015-4144
- CVE-2015-4145
- CVE-2015-4146
-- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 10:34:37 -0400
|
|
About
-
Send Feedback to @ubuntu_updates