Описание
Security update for wpa_supplicant
wpa_supplicant was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078).
- CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
wpa_supplicant-0.7.1-6.17.4
wpa_supplicant-gui-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP4
wpa_supplicant-0.7.1-6.17.4
wpa_supplicant-gui-0.7.1-6.17.4
SUSE Linux Enterprise Server 11 SP3
wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Server 11 SP3-TERADATA
wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Server 11 SP4
wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
wpa_supplicant-0.7.1-6.17.4
Ссылки
- Link for SUSE-SU-2015:2221-1
- E-Mail link for SUSE-SU-2015:2221-1
- SUSE Security Ratings
- SUSE Bug 930077
- SUSE Bug 930078
- SUSE CVE CVE-2015-4141 page
- SUSE CVE CVE-2015-4142 page
Описание
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP3:wpa_supplicant-gui-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP4:wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP4:wpa_supplicant-gui-0.7.1-6.17.4
Ссылки
- CVE-2015-4141
- SUSE Bug 915323
- SUSE Bug 930077
Описание
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP3:wpa_supplicant-gui-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP4:wpa_supplicant-0.7.1-6.17.4
SUSE Linux Enterprise Desktop 11 SP4:wpa_supplicant-gui-0.7.1-6.17.4
Ссылки
- CVE-2015-4142
- SUSE Bug 915323
- SUSE Bug 930078