Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0752 wpa security update 3 March 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wpa Publisher: Debian Operating System: Debian GNU/Linux UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-27803 Original Bulletin: https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running wpa check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2581-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta March 03, 2021 https://wiki.debian.org/LTS - - ----------------------------------------------------------------------- Package : wpa Version : 2:2.4-1+deb9u9 CVE ID : CVE-2021-27803 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. For Debian 9 stretch, this problem has been fixed in version 2:2.4-1+deb9u9. We recommend that you upgrade your wpa packages. For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmA+q2EACgkQgj6WdgbD S5YmGBAAwNGAFyVTyMwsv+PSBJebtvWjbKBxbssz7J21s9vZnYRLgtlYDXbm17rE SPAKZd4kDDU/s4GFuKNl1+hq+W9oo+Qrrn1JjKG3k9VGPsLcngGZB4hkXJM9CIky i5sb+vi49E7FshX+KEcB0W+NNL16i1PcdMtsndg3nS8vlBsWbUNAztjW+XQvNSzV B3ymCeFJlTFpqr75hRai5aw2IwPMvlmAeVEBB/skuzS3zjkLTUsFA4RW5Up4Jgeg e+RzhHB4AcXIDWfNEPoEMqe/PscVolwD44s0OHtic5HzLDWGPtsHSfC/KDpTKgiY 7br11dKehjHpfX3WblrVSqjMzqOA7U2BZz8GGpmM+UfKOqHljFE6QFDwfaNnE93a oCm28LMkip6k93Z1EHDTgSH79dQhocQhD/ZIGnDxaZW3rMjrPKU6VmXQa8c4nmOx Z2PdlFOx1ZTh9NdQicfHK9eOjq704IclBf34qd+0EuBimEz3r5CE3cXOlSYs/Q9O z2Gk72HxjR3jV/cDWCtPPpwLh/TNig8ejyWZ50abl4b+GOiiCplmG+arI+Ih5FBr 8nJhS9psVYFVkaEtNa+70jgkE9G2OAl5lywVL9JO1/H0RsDimV0oPkEHgel2pCqg f61lc2HGibS7XlDRGaKGnmxuuudYpmk029kZ5R9OzrIwrGIkrZc= =9LXU - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYD7PE+NLKJtyKPYoAQg6zQ//a8pquecug20DXU021Jy+8pQTe7C+blL9 BfnZd2njTJmSFBxUbIxJQ+sL53BGJxscjdisdW3ddddYN1hLz9Gb5ZQng7s9U4Wg Q9G+UeLSz9WEA5xLOBitKuuQNLaTfg+K9IW4ldJv2DJevsS5BjzyQfL3qrXEDaW0 J+URX4oK9ptd8ISnaV5BYG84k8WPnrUCq0J1UHy2pGX2AsVCc3MGsRvoxtgqjqs5 fsT5Nn0mromWzH22TcL8pryaoCP9bQl9sYd70RoxIB211NQ2IF6Dl1q8+JE2RxH7 3U9WtHFQvkXFafkQboOUKBJ1vULcMb4gUuoPvqBhiKI1/QOWfAAC9tUXJjMomKi9 pOjYPIUrliQGc8TEnHrAtD1h/R1TwEFEQZ0lTu8eb6wkCLw9DU6A1ZRwyC0eI9WV r1nt+QrvRTVG3anfTV2/39sKtGbRcwH5paP685HDsTJST70zx7p6AixOykhsIhP7 lQf31Rs0jGipaCO9yfkoeRLMsc4wMiVWUkjY6S5UFSMwF5pepYd0WZR3IqQNtoGA G2eQxnyZo8zZJ2EanTY7yjl8QxTQgoQPoGK2Jv9YL+KjSKjYmuzoPdnccH2CbygF 16yhk9S5A4SNCvh4m2fxjPqjRGVX5tz71HuZ+YbCYu7MazlMt3feUzE5zlVcEPTP ZKIcXrnFDb0= =kVQh -----END PGP SIGNATURE-----