openSUSE-SU-2018:3527-1

Опубликовано: 26 окт. 2018

Источник: suse-cvrf

Описание

Security update for hostapd

hostapd was updated to fix following security issue:

CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data (bsc#1104205)

Список пакетов

SUSE Package Hub for SUSE Linux Enterprise 15

hostapd-2.6-bp150.3.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00080.html
E-Mail link for openSUSE-SU-2018:3527-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Затронутые продукты

SUSE Package Hub for SUSE Linux Enterprise 15:hostapd-2.6-bp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14526.html
CVE-2018-14526
https://bugzilla.suse.com/1104205
SUSE Bug 1104205

openSUSE-SU-2018:3527-1

Описание

Список пакетов

SUSE Package Hub for SUSE Linux Enterprise 15

Ссылки

Уязвимость: CVE-2018-14526

Описание

Затронутые продукты

Ссылки