Malware Devil

Monday, August 10, 2020

ESB-2020.2733 – [Debian] wpa: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2733
                            wpa security update
                              10 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wpa
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12695 CVE-2019-10064 CVE-2016-10743

Reference:         ESB-2020.2705

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2318-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 09, 2020                             https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : wpa
Version        : 2:2.4-1+deb9u7
CVE ID         : CVE-2019-10064 CVE-2020-12695

The following CVE(s) have been reported against src:wpa.

CVE-2019-10064

    hostapd before 2.6, in EAP mode, makes calls to the rand()
    and random() standard library functions without any preceding
    srand() or srandom() call, which results in inappropriate
    use of deterministic values. This was fixed in conjunction
    with CVE-2016-10743.
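
To make concrete why an unseeded rand() is a security defect and not merely a code-quality nit, the following C program is an added example (mine, not hostapd's code): a toy EAP server draws challenges from rand() in a process that never called srand(), and an attacker who observes a single challenge recovers the generator position and predicts the next one. The 16-byte challenge size, the use of srand(1) to model a freshly started process, and /dev/urandom as the hardened source are my assumptions; the C standard itself guarantees that an unseeded rand() behaves as if srand(1) had been called.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHALLENGE_LEN 16   /* assumed challenge size for this illustration */

/* Vulnerable pattern (the CVE-2019-10064 shape): challenge bytes come from
 * rand() in a process that never called srand(). */
void weak_eap_challenge(uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* Attacker's model of the server: C requires an unseeded rand() to behave as
 * if srand(1) had been called, so replaying srand(1), skipping `skip` outputs
 * and taking the next `len` reproduces any challenge the server ever issued. */
void predict_weak_challenge(uint8_t *out, size_t len, unsigned skip)
{
    srand(1);
    for (unsigned i = 0; i < skip; i++)
        (void)rand();
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* Given one observed challenge, find the generator position by trying
 * offsets 0..max_skip. Returns the offset, or -1 if none matches. */
long recover_offset(const uint8_t *observed, size_t len, unsigned max_skip)
{
    uint8_t guess[CHALLENGE_LEN];
    if (len > sizeof guess)
        return -1;
    for (unsigned skip = 0; skip <= max_skip; skip++) {
        predict_weak_challenge(guess, len, skip);
        if (memcmp(guess, observed, len) == 0)
            return (long)skip;
    }
    return -1;
}

/* Scenario: the server has issued three challenges and the attacker saw only
 * the third. Returns the recovered offset: 32, i.e. two earlier 16-byte
 * challenges were consumed before it. */
long demo_recovered_offset(void)
{
    uint8_t c[3][CHALLENGE_LEN];
    srand(1);   /* state of a freshly started process that never seeded rand() */
    for (int i = 0; i < 3; i++)
        weak_eap_challenge(c[i], CHALLENGE_LEN);
    return recover_offset(c[2], CHALLENGE_LEN, 1000);
}

/* Same scenario one step further: predict the fourth challenge before the
 * server issues it. Returns 1 if the prediction matches what the server draws. */
int attacker_predicts_next_challenge(void)
{
    uint8_t c[4][CHALLENGE_LEN], predicted[CHALLENGE_LEN];
    srand(1);
    for (int i = 0; i < 4; i++)
        weak_eap_challenge(c[i], CHALLENGE_LEN);
    long off = recover_offset(c[2], CHALLENGE_LEN, 1000);
    if (off < 0)
        return 0;
    predict_weak_challenge(predicted, CHALLENGE_LEN, (unsigned)off + CHALLENGE_LEN);
    return memcmp(predicted, c[3], CHALLENGE_LEN) == 0;
}

/* Hardened form: take challenge bytes from the kernel CSPRNG instead.
 * Returns 0 on success, -1 if /dev/urandom could not be read in full. */
int strong_eap_challenge(uint8_t *out, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Sanity check on the hardened path: two draws succeed and are not equal. */
int strong_challenges_differ(void)
{
    uint8_t a[CHALLENGE_LEN], b[CHALLENGE_LEN];
    if (strong_eap_challenge(a, sizeof a) != 0 || strong_eap_challenge(b, sizeof b) != 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    printf("recovered generator offset: %ld\n", demo_recovered_offset());
    printf("next challenge predicted:   %s\n", attacker_predicts_next_challenge() ? "yes" : "no");
    printf("CSPRNG challenges differ:   %s\n", strong_challenges_differ() ? "yes" : "no");
    return 0;
}
```

The brute-force over offsets is cheap because rand() is fast and the state space is a single small seed; seeding with time(NULL) would not help much, since the attacker can bound the start time and search those seeds just as easily. Anything that must be unpredictable to a network peer (challenges, nonces, session identifiers) has to come from a CSPRNG.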

CVE-2020-12695

    The Open Connectivity Foundation UPnP specification before
    2020-04-17 does not forbid the acceptance of a subscription
    request with a delivery URL on a different network segment
    than the fully qualified event-subscription URL, aka the
    CallStranger issue.
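
The defensive check the CallStranger finding calls for is to refuse a SUBSCRIBE request whose CALLBACK header names a delivery host outside the network the request arrived on. The C example below is added here for illustration and is not hostapd's WPS UPnP code: it parses the CALLBACK header (one or more `<http://host[:port]/path>` entries, as UPnP eventing allows), accepts only literal IPv4 hosts so that no DNS indirection can be used, and requires every URL to share the receiving interface's subnet. The interface address and netmask, and the sample headers in main(), are constructed for the example.

```c
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the host part of an "http://host[:port][/path]" URL lying in [s, end)
 * into host. Only plain http is accepted, since that is what UPnP event
 * delivery uses. Returns 0 on success, -1 on a malformed or non-http URL. */
static int parse_http_host(const char *s, const char *end, char *host, size_t hostlen)
{
    static const char scheme[] = "http://";
    size_t sl = sizeof scheme - 1;
    if ((size_t)(end - s) <= sl || strncmp(s, scheme, sl) != 0)
        return -1;
    s += sl;
    size_t n = 0;
    while (s + n < end && s[n] != ':' && s[n] != '/')
        n++;
    if (n == 0 || n >= hostlen)
        return -1;
    memcpy(host, s, n);
    host[n] = '\0';
    return 0;
}

/* Decide whether a SUBSCRIBE request's CALLBACK header may be accepted.
 * callback_hdr is the header value, e.g. "<http://192.168.1.50:8080/notify>"
 * (several bracketed URLs are allowed); if_addr and if_mask describe the
 * interface the request arrived on. Returns 1 to accept, 0 to reject.
 * Rejects when any URL is not http, uses a hostname instead of an IPv4
 * literal, or lies outside the interface's subnet. */
int subscribe_callback_allowed(const char *callback_hdr, const char *if_addr, const char *if_mask)
{
    struct in_addr ip, mask;
    if (inet_pton(AF_INET, if_addr, &ip) != 1 || inet_pton(AF_INET, if_mask, &mask) != 1)
        return 0;

    int n_urls = 0;
    const char *p = callback_hdr;
    while ((p = strchr(p, '<')) != NULL) {
        const char *end = strchr(p, '>');
        if (end == NULL)
            return 0;                     /* unterminated URL: malformed header */
        char host[64];
        struct in_addr cb;
        if (parse_http_host(p + 1, end, host, sizeof host) != 0)
            return 0;
        if (inet_pton(AF_INET, host, &cb) != 1)
            return 0;                     /* hostname rather than literal: refuse */
        if ((cb.s_addr & mask.s_addr) != (ip.s_addr & mask.s_addr))
            return 0;                     /* CallStranger: delivery URL on another network */
        n_urls++;
        p = end + 1;
    }
    return n_urls > 0;                    /* a header with no URL at all is also rejected */
}

int main(void)
{
    /* Constructed sample: device at 192.168.1.1/24 receives these callbacks. */
    const char *samples[] = {
        "<http://192.168.1.50:8080/notify>",            /* same subnet: accept */
        "<http://203.0.113.7:80/>",                     /* off-net target: reject */
        "<http://192.168.1.50/a><http://10.9.8.7/b>",   /* one off-net URL: reject all */
        "<https://192.168.1.50/>",                      /* not http: reject */
        "<http://attacker.example/>",                   /* hostname, not literal: reject */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-46s -> %s\n", samples[i],
               subscribe_callback_allowed(samples[i], "192.168.1.1", "255.255.255.0")
                   ? "accept" : "reject");
    return 0;
}
```

This check is IPv4-only to keep the example short; a production implementation also has to scope IPv6 callbacks (link-local addresses to the receiving interface), cap the number of callback URLs per subscription, and still rate-limit NOTIFY delivery, since an on-net but uncooperative subscriber can otherwise tie up the device's event threads.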

For Debian 9 stretch, these problems have been fixed in version
2:2.4-1+deb9u7.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://www.malwaredevil.com/2020/08/10/esb-2020-2733-debian-wpa-multiple-vulnerabilities/