UbuntuUpdates.org

Package "wpa"

Name: wpa

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • client support for WPA and WPA2 (IEEE 802.11i)

Latest version: 2.1-0ubuntu1.6
Release: trusty (14.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "wpa": https://www.ubuntuupdates.org/wpa



Other versions of "wpa" in Trusty

Repository Area Version
base main 2.1-0ubuntu1
base universe 2.1-0ubuntu1
security universe 2.1-0ubuntu1.6
updates universe 2.1-0ubuntu1.6
updates main 2.1-0ubuntu1.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1-0ubuntu1.6 2018-08-20 14:06:55 UTC

  wpa (2.1-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Expose sensitive information
    - debian/patches/CVE-2018-14526.patch: fix in src/rsn_supp/wpa.c.
    - CVE-2018-14526

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 09 Aug 2018 14:17:41 -0300

Source diff to previous version
CVE-2018-14526 An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not che

Version: 2.1-0ubuntu1.5 2017-10-16 17:06:43 UTC

  wpa (2.1-0ubuntu1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple issues in WPA protocol
    - debian/patches/2017-1/*.patch: Add patches from Debian jessie
    - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
      CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
      CVE-2017-13088
  * SECURITY UPDATE: Denial of service issues
    - debian/patches/2016-1/*.patch: Add patches from Debian jessie
    - CVE-2016-4476
    - CVE-2016-4477

 -- Marc Deslauriers <email address hidden> Mon, 16 Oct 2017 08:20:18 -0400

Source diff to previous version
CVE-2017-1307 RESERVED
CVE-2017-1308 IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have acces
CVE-2016-4476 hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attac
CVE-2016-4477 wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library

Version: 2.1-0ubuntu1.4 2015-11-10 19:07:05 UTC

  wpa (2.1-0ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
    - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
      Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
    - CVE-2015-5310
  * SECURITY UPDATE: EAP-pwd missing last fragment length validation
    - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
      validation in src/eap_peer/eap_pwd.c.
    - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
      validation in src/eap_server/eap_server_pwd.c.
    - CVE-2015-5315

 -- Marc Deslauriers Mon, 09 Nov 2015 07:23:28 -0600

Source diff to previous version
CVE-2015-5310 wpa_supplicant unauthorized WNM Sleep Mode GTK control
CVE-2015-5315 wpa_supplicant: EAP-pwd missing last fragment length validation

Version: 2.1-0ubuntu1.3 2015-06-16 18:07:05 UTC

  wpa (2.1-0ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via WPS UPnP
    - debian/patches/CVE-2015-4141.patch: check chunk size in
      src/wps/httpread.c.
    - CVE-2015-4141
  * SECURITY UPDATE: denial of service via AP mode WMM Action frame
    - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
    - CVE-2015-4142
  * SECURITY UPDATE: denial of service via EAP-pwd
    - debian/patches/CVE-2015-4143-4146.patch: check lengths in
      src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
    - CVE-2015-4143
    - CVE-2015-4144
    - CVE-2015-4145
    - CVE-2015-4146

 -- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 10:34:37 -0400

Source diff to previous version
CVE-2015-4141 WPS UPnP vulnerability with HTTP chunked transfer encoding
CVE-2015-4142 Integer underflow in AP mode WMM Action frame processing
CVE-2015-4143 EAP-pwd missing payload length validation
CVE-2015-4144 EAP-pwd missing payload length validation
CVE-2015-4145 EAP-pwd missing payload length validation
CVE-2015-4146 EAP-pwd missing payload length validation

Version: 2.1-0ubuntu1.2 2015-04-23 15:06:16 UTC

  wpa (2.1-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: memcpy overflow in P2P functionality
    - debian/patches/CVE-2015-1863.patch: validate SID element length in
      src/p2p/p2p.c.
    - CVE-2015-1863
 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2015 13:45:07 -0400

CVE-2015-1863 P2P SSID processing vulnerability



About   -   Send Feedback to @ubuntu_updates