-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0752
                            wpa security update
                               3 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wpa
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27803  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running wpa check for an updated version of the software for their 
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2581-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 03, 2021                              https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : wpa
Version        : 2:2.4-1+deb9u9
CVE ID         : CVE-2021-27803

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant
before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
It could result in denial of service or other impact (potentially
execution of arbitrary code), for an attacker within radio range.

For Debian 9 stretch, this problem has been fixed in version
2:2.4-1+deb9u9.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----