Описание
Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues:
- CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777).
- CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)
Список пакетов
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2021:0478-1
- E-Mail link for SUSE-SU-2021:0478-1
- SUSE Security Ratings
- SUSE Bug 1150934
- SUSE Bug 1181777
- SUSE CVE CVE-2019-16275 page
- SUSE CVE CVE-2021-0326 page
Описание
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Затронутые продукты
Ссылки
- CVE-2019-16275
- SUSE Bug 1150934
Описание
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525
Затронутые продукты
Ссылки
- CVE-2021-0326
- SUSE Bug 1181777