
SUSE-SU-2016:2305-1

Published: 14 Sep. 2016
Source: suse-cvrf

Description

Security update for wpa_supplicant

This update for wpa_supplicant fixes the following issues:

  • CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077)
  • CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. (bnc#930078)
  • CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079)
  • CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254)
  • CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419)

Package list

SUSE Linux Enterprise Desktop 12 SP1
wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server 12 SP1
wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
wpa_supplicant-2.2-14.2

Description

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2


Description

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2


Description

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2


Description

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2


Description

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server 12 SP1:wpa_supplicant-2.2-14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wpa_supplicant-2.2-14.2
