You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa hostapd

Sigurnosni nedostaci programskog paketa hostapd

——————————————————————————–
Fedora Update Notification
FEDORA-2019-d03bae77f5
2019-04-23 18:49:02.441793
——————————————————————————–

Name : hostapd
Product : Fedora 28
Version : 2.7
Release : 2.fc28
URL : http://w1.fi/hostapd
Summary : IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Description :
hostapd is a user space daemon for access point and authentication servers. It
implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP
Authenticators and RADIUS authentication server.

hostapd is designed to be a “daemon” program that runs in the back-ground and
acts as the backend component controlling authentication. hostapd supports
separate frontend programs and an example text-based frontend, hostapd_cli, is
included with hostapd.

——————————————————————————–
Update Information:

Update to version 2.7 from upstream Security fix for CVE-2019-9494 (cache attack
against SAE) Security fix for CVE-2019-9495 (cache attack against EAP-pwd)
Security fix for CVE-2019-9496 (SAE confirm missing state validation in
hostapd/AP) Security fix for CVE-2019-9497 (EAP-pwd server not checking for
reflection attack) Security fix for CVE-2019-9498 (EAP-pwd server missing commit
validation for scalar/element) Security fix for CVE-2019-9499 (EAP-pwd peer
missing commit validation for scalar/element)
——————————————————————————–
ChangeLog:

* Fri Apr 12 2019 John W. Linville <linville@redhat.com> – 2.7-2
– Bump N-V-R for rebuild
* Fri Apr 12 2019 John W. Linville <linville@redhat.com> – 2.7-1
– Update to version 2.7 from upstream
– Remove obsolete patches for NL80211_ATTR_SMPS_MODE encoding and KRACK
– Fix CVE-2019-9494 (cache attack against SAE)
– Fix CVE-2019-9495 (cache attack against EAP-pwd)
– Fix CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
– Fix CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
– Fix CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
– Fix CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.6-12
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 20 2018 John W. Linville <linville@redhat.com> – 2.6-11
– Add previously unnecessary BuildRequires for gcc
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> – 2.6-10
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 29 2018 Davide Caratti <dcaratti@redhat.com> – 2.6-9
– backport fix for Fix NL80211_ATTR_SMPS_MODE encoding (rh #1582839)
——————————————————————————–
References:

[ 1 ] Bug #1699141 – CVE-2019-9494 wpa_supplicant: SAE Timing-based and Cache-based side-channel attack against WPA3’s Dragonfly handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1699141
[ 2 ] Bug #1699149 – CVE-2019-9495 wpa_supplicant: EAP-pwd cache side-channel attack
https://bugzilla.redhat.com/show_bug.cgi?id=1699149
[ 3 ] Bug #1699153 – CVE-2019-9496 hostapd: SAE confirm missing state validation in hostapd/AP
https://bugzilla.redhat.com/show_bug.cgi?id=1699153
[ 4 ] Bug #1699164 – CVE-2019-9497 wpa_supplicant: EAP-pwd server not checking for reflection attack
https://bugzilla.redhat.com/show_bug.cgi?id=1699164
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-d03bae77f5’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-f409af9fbe
2019-04-23 20:13:25.293606
——————————————————————————–

Name : hostapd
Product : Fedora 29
Version : 2.7
Release : 2.fc29
URL : http://w1.fi/hostapd
Summary : IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Description :
hostapd is a user space daemon for access point and authentication servers. It
implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP
Authenticators and RADIUS authentication server.

hostapd is designed to be a “daemon” program that runs in the back-ground and
acts as the backend component controlling authentication. hostapd supports
separate frontend programs and an example text-based frontend, hostapd_cli, is
included with hostapd.

——————————————————————————–
Update Information:

Update to version 2.7 from upstream Security fix for CVE-2019-9494 (cache attack
against SAE) Security fix for CVE-2019-9495 (cache attack against EAP-pwd)
Security fix for CVE-2019-9496 (SAE confirm missing state validation in
hostapd/AP) Security fix for CVE-2019-9497 (EAP-pwd server not checking for
reflection attack) Security fix for CVE-2019-9498 (EAP-pwd server missing commit
validation for scalar/element) Security fix for CVE-2019-9499 (EAP-pwd peer
missing commit validation for scalar/element)
——————————————————————————–
ChangeLog:

* Fri Apr 12 2019 John W. Linville <linville@redhat.com> – 2.7-2
– Bump N-V-R for rebuild
* Fri Apr 12 2019 John W. Linville <linville@redhat.com> – 2.7-1
– Update to version 2.7 from upstream
– Remove obsolete patches for NL80211_ATTR_SMPS_MODE encoding and KRACK
– Fix CVE-2019-9494 (cache attack against SAE)
– Fix CVE-2019-9495 (cache attack against EAP-pwd)
– Fix CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
– Fix CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
– Fix CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
– Fix CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.6-12
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1699141 – CVE-2019-9494 wpa_supplicant: SAE Timing-based and Cache-based side-channel attack against WPA3’s Dragonfly handshake
https://bugzilla.redhat.com/show_bug.cgi?id=1699141
[ 2 ] Bug #1699149 – CVE-2019-9495 wpa_supplicant: EAP-pwd cache side-channel attack
https://bugzilla.redhat.com/show_bug.cgi?id=1699149
[ 3 ] Bug #1699153 – CVE-2019-9496 hostapd: SAE confirm missing state validation in hostapd/AP
https://bugzilla.redhat.com/show_bug.cgi?id=1699153
[ 4 ] Bug #1699164 – CVE-2019-9497 wpa_supplicant: EAP-pwd server not checking for reflection attack
https://bugzilla.redhat.com/show_bug.cgi?id=1699164
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-f409af9fbe’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda,...

Close