DSA-3397-1 wpa -- wpaID: oval:org.secpod.oval:def:602277 | Date: (C)2015-11-24 (M)2022-05-17 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in wpa_supplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfer encoding which may result in a denial of service. CVE-2015-4142 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WMM Action frame processing which may result in a denial of service. CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 Kostya Kortchinsky of the Google Security Team discovered that EAP-pwd payload is not properly validated which may result in a denial of service. CVE-2015-5310 Jouni Malinen discovered a flaw in the WMM Sleep Mode Response frame processing. A remote attacker can take advantage of this flaw to mount a denial of service. CVE-2015-5314 CVE-2015-5315 Jouni Malinen discovered a flaw in the handling of EAP-pwd messages which may result in a denial of service. CVE-2015-5316 Jouni Malinen discovered a flaw in the handling of EAP-pwd Confirm messages which may result in a denial of service. CVE-2015-8041 Incomplete WPS and P2P NFC NDEF record payload length validation may result in a denial of service.
Platform: |
Debian 8.x |
Debian 7.x |
Product: |
hostapd |
wpagui |
wpasupplicant |
wpasupplicant-udeb |