UbuntuUpdates.org

Package "wpa"

Name: wpa

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • client support for WPA and WPA2 (IEEE 802.11i)

Latest version: 2.4-0ubuntu6.6
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "wpa": https://www.ubuntuupdates.org/wpa



Other versions of "wpa" in Xenial

Repository Area Version
base main 2.4-0ubuntu6
base universe 1:2.4-0ubuntu6
security main 2.4-0ubuntu6.6
security universe 2.4-0ubuntu6.6
updates universe 2.4-0ubuntu6.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4-0ubuntu6.6 2019-09-18 15:06:17 UTC

  wpa (2.4-0ubuntu6.6) xenial-security; urgency=medium

   * SECURITY UPDATE: Incorrect indication of disconnection in certain
     situations
     - debian/patches/CVE-2019-16275.patch: silently ignore management
       frame from unexpected source address in src/ap/drv_callbacks.c,
       src/ap/ieee882_11.c.
     - CVE-2019-16275

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Sep 2019 08:41:25 -0300

Source diff to previous version
CVE-2019-16275 hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address valida

Version: 2.4-0ubuntu6.5 2019-05-07 16:07:11 UTC

  wpa (2.4-0ubuntu6.5) xenial-security; urgency=medium

  * SECURITY UPDATE: EAP-pwd DoS via unexpected fragment
    - debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
      in src/eap_server/eap_server_pwd.c.
    - debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
      in src/eap_peer/eap_pwd.c.
    - CVE-2019-11555

 -- Marc Deslauriers <email address hidden> Wed, 01 May 2019 09:59:21 -0400

Source diff to previous version
CVE-2019-11555 The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly sta

Version: 2.4-0ubuntu6.4 2019-04-10 19:07:27 UTC

  wpa (2.4-0ubuntu6.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/VU-871675/*.patch: backported upstream patches.
    - CVE-2019-9495
    - CVE-2019-9497
    - CVE-2019-9498
    - CVE-2019-9499
  * SECURITY UPDATE: insecure os_random() fallback
    - debian/patches/CVE-2016-10743.patch: Use only os_get_random() for PIN
      generation.
    - CVE-2016-10743

 -- Marc Deslauriers <email address hidden> Tue, 09 Apr 2019 07:29:43 -0400

Source diff to previous version
CVE-2019-9495 cache attack against EAP-pwd
CVE-2019-9497 EAP-pwd server not checking for reflection attack
CVE-2019-9498 EAP-pwd server missing commit validation for scalar/element
CVE-2019-9499 EAP-pwd peer missing commit validation for scalar/element
CVE-2016-10743 hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

Version: 2.4-0ubuntu6.3 2018-08-20 14:07:04 UTC

  wpa (2.4-0ubuntu6.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Expose sensitive information
    - debian/patches/CVE-2018-14526.patch: fix in src/rsn_supp/wpa.c.
    - CVE-2018-14526

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 09 Aug 2018 12:51:53 -0300

Source diff to previous version
CVE-2018-14526 An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not che

Version: 2.4-0ubuntu6.2 2017-10-16 18:06:45 UTC

  wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple issues in WPA protocol
    - debian/patches/2017-1/*.patch: Add patches from Debian stretch
    - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
      CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
      CVE-2017-13088
  * SECURITY UPDATE: Denial of service issues
    - debian/patches/2016-1/*.patch: Add patches from Debian stretch
    - CVE-2016-4476
    - CVE-2016-4477
  * This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
    xenial-proposed.

 -- Marc Deslauriers <email address hidden> Mon, 16 Oct 2017 07:58:48 -0400

CVE-2017-1307 RESERVED
CVE-2017-1308 IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have acces
CVE-2016-4476 hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attac
CVE-2016-4477 wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library



About   -   Send Feedback to @ubuntu_updates