Univention Bugzilla – Bug 47571
wpa: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:56 CEST
New Debian wpa 2.3-1+deb8u6A~4.2.4.201808101752 fixes: This update addresses the following issue: CVE_2017-13084 is open * An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. (CVE-2018-14526) 2.3-1+deb8u6 (Thu, 09 Aug 2018 09:59:11 +0200) * SECURITY UPDATE: - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data * CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/wpa_2.3-1+deb8u5A~4.2.3.201801251012.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/wpa_2.3-1+deb8u6A~4.2.4.201808101752.dsc @@ -1,8 +1,14 @@ -2.3-1+deb8u5A~4.2.3.201801251012 [Thu, 25 Jan 2018 10:27:14 +0100] Univention builddaemon <buildd@univention.de>: +2.3-1+deb8u6A~4.2.4.201808101752 [Fri, 10 Aug 2018 17:57:19 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package eapol_test eapol_test + +2.3-1+deb8u6 [Thu, 09 Aug 2018 09:59:11 +0200] Andrej Shadura <andrewsh@debian.org>: + + * SECURITY UPDATE: + - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data + (Closes: #905739) 2.3-1+deb8u5 [Sat, 14 Oct 2017 14:11:26 +0200] Yves-Alexis Perez <corsac@debian.org>: <http://10.200.17.11/4.2-4/#1879963446397312206>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] 3ab324ba74 Bug #47571: wpa 2.3-1+deb8u6A~4.2.4.201808101752 doc/errata/staging/wpa.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) [4.2-4] 6f00b4b11d Bug #47571: wpa 2.3-1+deb8u6A~4.2.4.201808101752 doc/errata/staging/wpa.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/486.html>