[SECURITY] [DLA 1922-1] wpa security update

2019-09-1615:50:00

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON

Package : wpa
Version : 2.3-1+deb8u9
CVE ID : CVE-2019-16275
Debian Bug : 940080

hostapd (and wpa_supplicant when controlling AP mode) did not perform
sufficient source address validation for some received Management frames
and this could result in ending up sending a frame that caused
associated stations to incorrectly believe they were disconnected from
the network even if management frame protection (also known as PMF) was
negotiated for the association. This could be considered to be a denial
of service vulnerability since PMF is supposed to protect from this
type of issues.

For Debian 8 "Jessie", this problem has been fixed in version
2.3-1+deb8u9.

We recommend that you upgrade your wpa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9ppc64elwpagui< 2:2.4-1+deb9u6wpagui_2:2.4-1+deb9u6_ppc64el.deb
Debian8i386wpagui< 2.3-1+deb8u9wpagui_2.3-1+deb8u9_i386.deb
Debian9armhfhostapd-dbgsym< 2:2.4-1+deb9u6hostapd-dbgsym_2:2.4-1+deb9u6_armhf.deb
Debian10armhfwpasupplicant-dbgsym< 2:2.7+git20190128+0c1e29f-6+deb10u1wpasupplicant-dbgsym_2:2.7+git20190128+0c1e29f-6+deb10u1_armhf.deb
Debian9amd64hostapd-dbgsym< 2:2.4-1+deb9u6hostapd-dbgsym_2:2.4-1+deb9u6_amd64.deb
Debian8armelwpasupplicant< 2.3-1+deb8u9wpasupplicant_2.3-1+deb8u9_armel.deb
Debian9mipshostapd< 2:2.4-1+deb9u6hostapd_2:2.4-1+deb9u6_mips.deb
Debian9ppc64elwpasupplicant< 2:2.4-1+deb9u6wpasupplicant_2:2.4-1+deb9u6_ppc64el.deb
Debian8armelwpasupplicant-udeb< 2.3-1+deb8u9wpasupplicant-udeb_2.3-1+deb8u9_armel.deb
Debian9armelwpagui< 2:2.4-1+deb9u6wpagui_2:2.4-1+deb9u6_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	wpagui	< 2:2.4-1+deb9u6	wpagui_2:2.4-1+deb9u6_ppc64el.deb
Debian	8	i386	wpagui	< 2.3-1+deb8u9	wpagui_2.3-1+deb8u9_i386.deb
Debian	9	armhf	hostapd-dbgsym	< 2:2.4-1+deb9u6	hostapd-dbgsym_2:2.4-1+deb9u6_armhf.deb
Debian	10	armhf	wpasupplicant-dbgsym	< 2:2.7+git20190128+0c1e29f-6+deb10u1	wpasupplicant-dbgsym_2:2.7+git20190128+0c1e29f-6+deb10u1_armhf.deb
Debian	9	amd64	hostapd-dbgsym	< 2:2.4-1+deb9u6	hostapd-dbgsym_2:2.4-1+deb9u6_amd64.deb
Debian	8	armel	wpasupplicant	< 2.3-1+deb8u9	wpasupplicant_2.3-1+deb8u9_armel.deb
Debian	9	mips	hostapd	< 2:2.4-1+deb9u6	hostapd_2:2.4-1+deb9u6_mips.deb
Debian	9	ppc64el	wpasupplicant	< 2:2.4-1+deb9u6	wpasupplicant_2:2.4-1+deb9u6_ppc64el.deb
Debian	8	armel	wpasupplicant-udeb	< 2.3-1+deb8u9	wpasupplicant-udeb_2.3-1+deb8u9_armel.deb
Debian	9	armel	wpagui	< 2:2.4-1+deb9u6	wpagui_2:2.4-1+deb9u6_armel.deb