Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2016:2357-1

Опубликовано: 23 сент. 2016
Источник: suse-cvrf

Описание

Security update for wpa_supplicant

This update for wpa_supplicant fixes the following issues:

  • CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077)
  • CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. (bnc#930078)
  • CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079)
  • CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254)
  • CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1
wpa_supplicant-2.2-8.1
wpa_supplicant-gui-2.2-8.1

Ссылки

Описание

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Затронутые продукты
openSUSE Leap 42.1:wpa_supplicant-2.2-8.1
openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1
Ссылки

Описание

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

Затронутые продукты
openSUSE Leap 42.1:wpa_supplicant-2.2-8.1
openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1
Ссылки

Описание

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.

Затронутые продукты
openSUSE Leap 42.1:wpa_supplicant-2.2-8.1
openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1
Ссылки

Описание

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.

Затронутые продукты
openSUSE Leap 42.1:wpa_supplicant-2.2-8.1
openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1
Ссылки

Описание

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.

Затронутые продукты
openSUSE Leap 42.1:wpa_supplicant-2.2-8.1
openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1
Ссылки