==========================================================================
Ubuntu Security Notice USN-4136-2
September 18, 2019
wpa, wpasupplicant vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
wpa_supplicant could be made to be disconnected and require reconnection to the
network if it received a specially crafted management frame.
Software Description:
– wpa: client support for WPA and WPA2
– wpasupplicant: client support for WPA and WPA2
Details:
USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that wpa_supplicant incorrectly handled certain management
frames. An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
hostapd 1:2.1-0ubuntu1.7+esm2
wpasupplicant 2.1-0ubuntu1.7+esm2
Ubuntu 12.04 ESM:
wpasupplicant 0.7.3-6ubuntu2.5
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4136-2
https://usn.ubuntu.com/4136-1
CVE-2019-16275
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdgkPWAAoJEEW851uECx9p8OwQAKme0muK2aO7Rac03J8V2hh5
FSEmo/ecbv45ZNVwzgMFag2Cx4koneSWIFac3M4XrPbM7XoSyIdjgkQlGPheiYVT
ZZT0UnxPh51nPY0nMRSCgP3qlfLVawqablZebZJpHUoFIGoNqnPUInlsXuDKBGBt
YWUS7u6P3yhB4+c2EJjfyH+4tOv4+rYXyKMU0EsXw57Ph915qybBO29Ito4Gw/mP
Q59QqckLBxJPDmTFmuP7AXhawWLGkHj+VWz8Vu61pg998lwddKYatIgJS7J4iyxy
41ZNc4M142ePzBHOhw7My05qTHPKqr1C2sOj5PmhYdYpCyGSdpcU/Y4Yvrv+fYq5
Bz7nAn3BMATaP8erjNfS7CePi3AWw6LeixrG1OXJz/JM3lK2KwCp5YWmp1vxCiih
RXrbgUXVU6G7aa4jMHkNyBv8MlkZEtYtHwCbRjh0cZ8tZqcqoB2TplzAdX5MXS+S
rfHHVP73KOvlSnZD7Kz0mhh3h8KCvJ5rcZ6eI7++IzlmIGkEV10bsE+ASN+GFIZv
GbJa7Y8gDJC/i3DLpo+hW+L+urUjhy3IU7EE7KVR8WNj8QiYklFZgp0E8TOsMTOY
7xupIryNO0utz/vldH8p67lofPQb1xDiGUbtzeZf15a/OohVQAqnSScTX8FU3Gia
RE33FDT5eFudP5NsWsPO
=rq2a
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4136-1
September 18, 2019
wpa vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
wpa_supplicant could be made to be disconnected and require reconnection to the
network if it received a specially crafted management frame.
Software Description:
– wpa: client support for WPA and WPA2
Details:
It was discovered that wpa_supplicant incorrectly handled certain management
frames. An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
hostapd 2:2.6-21ubuntu3.3
wpasupplicant 2:2.6-21ubuntu3.3
Ubuntu 18.04 LTS:
hostapd 2:2.6-15ubuntu2.5
wpasupplicant 2:2.6-15ubuntu2.5
Ubuntu 16.04 LTS:
hostapd 1:2.4-0ubuntu6.6
wpasupplicant 2.4-0ubuntu6.6
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4136-1
CVE-2019-16275
Package Information:
https://launchpad.net/ubuntu/+source/wpa/2:2.6-21ubuntu3.3
https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.5
https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.6
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdgji2AAoJEEW851uECx9pGF4P/iKzJW8S97pbR7/uWxgRspfX
xSsoaMG+nreClCIIhEAA/lGKe/PrW3ZKRnUpGj4HXG55/YRD5vUE3HGKeqHxi3UW
GvWfE45SPZs1+jWe1YCALMpvuXvQtcKm0YRJkCdBvq1SAK3uuEKUY1xhUjXXsNQj
E4kOvIGqN9hmA/jLc8Yf9xFH/tgABclYyI94NA4IxrzJEwInKBdtTKa6qGdLqbdK
6rcTbEpfaQRe3m0GbSHHBeB1V7RoYzbjfcqbiZa45yNKN8u6kHf8h7LtCAEF/QUe
YO8Uk4DKIHmldhlrWO+fXGG1JzdkoA7251rheerfWgjCnQDbPt/fXw6vkMiYvSM+
oPhCICdBH+Ap/QJ7IF+BvD7oivSkCE7UljxVXIrzLTUhqZVKMqFRjpXp9D0QJ3+j
BdetulUREM3r2TUYHoNo96vo3g+mBDQfq+ggikdQM1ktDZGow1ZKMzMOPxZkgjri
uufmukIiuV18bl3GGLvSygt6ZUwlXDChd+FJzJJnOuIh2foDwJFB5xgI0Kg3Mc2H
WHy/ejvtB5qcQHR4gXb1tW0YoHcLYNF8zP8P+XzFqPZ9fyO2HCo2H3zboEphAN3x
WKDMRvmjXpU/Nu5iDIDHmy4uIwO/XogzVoU2PiLsrZi0uSY0nQA8rsKmidcTV1Jt
bdODeXpl+sxYY/LC7IEN
=Qsqf
—–END PGP SIGNATURE—–
—