You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa wpa i wpasupplicant

Sigurnosni nedostaci programskih paketa wpa i wpasupplicant

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-4136-2
September 18, 2019

wpa, wpasupplicant vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

wpa_supplicant could be made to be disconnected and require reconnection to the
network if it received a specially crafted management frame.

Software Description:
– wpa: client support for WPA and WPA2
– wpasupplicant: client support for WPA and WPA2

Details:

USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that wpa_supplicant incorrectly handled certain management
frames. An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
hostapd 1:2.1-0ubuntu1.7+esm2
wpasupplicant 2.1-0ubuntu1.7+esm2

Ubuntu 12.04 ESM:
wpasupplicant 0.7.3-6ubuntu2.5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4136-2
https://usn.ubuntu.com/4136-1
CVE-2019-16275
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdgkPWAAoJEEW851uECx9p8OwQAKme0muK2aO7Rac03J8V2hh5
FSEmo/ecbv45ZNVwzgMFag2Cx4koneSWIFac3M4XrPbM7XoSyIdjgkQlGPheiYVT
ZZT0UnxPh51nPY0nMRSCgP3qlfLVawqablZebZJpHUoFIGoNqnPUInlsXuDKBGBt
YWUS7u6P3yhB4+c2EJjfyH+4tOv4+rYXyKMU0EsXw57Ph915qybBO29Ito4Gw/mP
Q59QqckLBxJPDmTFmuP7AXhawWLGkHj+VWz8Vu61pg998lwddKYatIgJS7J4iyxy
41ZNc4M142ePzBHOhw7My05qTHPKqr1C2sOj5PmhYdYpCyGSdpcU/Y4Yvrv+fYq5
Bz7nAn3BMATaP8erjNfS7CePi3AWw6LeixrG1OXJz/JM3lK2KwCp5YWmp1vxCiih
RXrbgUXVU6G7aa4jMHkNyBv8MlkZEtYtHwCbRjh0cZ8tZqcqoB2TplzAdX5MXS+S
rfHHVP73KOvlSnZD7Kz0mhh3h8KCvJ5rcZ6eI7++IzlmIGkEV10bsE+ASN+GFIZv
GbJa7Y8gDJC/i3DLpo+hW+L+urUjhy3IU7EE7KVR8WNj8QiYklFZgp0E8TOsMTOY
7xupIryNO0utz/vldH8p67lofPQb1xDiGUbtzeZf15a/OohVQAqnSScTX8FU3Gia
RE33FDT5eFudP5NsWsPO
=rq2a
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4136-1
September 18, 2019

wpa vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

wpa_supplicant could be made to be disconnected and require reconnection to the
network if it received a specially crafted management frame.

Software Description:
– wpa: client support for WPA and WPA2

Details:

It was discovered that wpa_supplicant incorrectly handled certain management
frames. An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
hostapd 2:2.6-21ubuntu3.3
wpasupplicant 2:2.6-21ubuntu3.3

Ubuntu 18.04 LTS:
hostapd 2:2.6-15ubuntu2.5
wpasupplicant 2:2.6-15ubuntu2.5

Ubuntu 16.04 LTS:
hostapd 1:2.4-0ubuntu6.6
wpasupplicant 2.4-0ubuntu6.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4136-1
CVE-2019-16275

Package Information:
https://launchpad.net/ubuntu/+source/wpa/2:2.6-21ubuntu3.3
https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.5
https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.6
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdgji2AAoJEEW851uECx9pGF4P/iKzJW8S97pbR7/uWxgRspfX
xSsoaMG+nreClCIIhEAA/lGKe/PrW3ZKRnUpGj4HXG55/YRD5vUE3HGKeqHxi3UW
GvWfE45SPZs1+jWe1YCALMpvuXvQtcKm0YRJkCdBvq1SAK3uuEKUY1xhUjXXsNQj
E4kOvIGqN9hmA/jLc8Yf9xFH/tgABclYyI94NA4IxrzJEwInKBdtTKa6qGdLqbdK
6rcTbEpfaQRe3m0GbSHHBeB1V7RoYzbjfcqbiZa45yNKN8u6kHf8h7LtCAEF/QUe
YO8Uk4DKIHmldhlrWO+fXGG1JzdkoA7251rheerfWgjCnQDbPt/fXw6vkMiYvSM+
oPhCICdBH+Ap/QJ7IF+BvD7oivSkCE7UljxVXIrzLTUhqZVKMqFRjpXp9D0QJ3+j
BdetulUREM3r2TUYHoNo96vo3g+mBDQfq+ggikdQM1ktDZGow1ZKMzMOPxZkgjri
uufmukIiuV18bl3GGLvSygt6ZUwlXDChd+FJzJJnOuIh2foDwJFB5xgI0Kg3Mc2H
WHy/ejvtB5qcQHR4gXb1tW0YoHcLYNF8zP8P+XzFqPZ9fyO2HCo2H3zboEphAN3x
WKDMRvmjXpU/Nu5iDIDHmy4uIwO/XogzVoU2PiLsrZi0uSY0nQA8rsKmidcTV1Jt
bdODeXpl+sxYY/LC7IEN
=Qsqf
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...

Close