Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0655 wpa security update 22 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wpa Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-0326 Reference: ESB-2021.0575 ESB-2021.0560 Original Bulletin: https://www.debian.org/lts/security/2021/dla-2572 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2572-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz February 20, 2021 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : wpa Version : 2:2.4-1+deb9u8 CVE ID : CVE-2021-0326 An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpa_supplicant process or potentially arbitrary code execution. On request, together with this upload support for WPA-EAP-SUITE-B(-192) has been enabled. For Debian 9 stretch, this problem has been fixed in version 2:2.4-1+deb9u8. We recommend that you upgrade your wpa packages. For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmAw+hRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeQfA/8CG6+NDI7NMY7gP3Icmz3MMFEoE2S3pfp0HFnbc008bUbuaiNPuC7NF2W Lf5mdO2BCcezBzh3RkSuXh4E5gMnXY/KTSGmVI431GOucAbQzqDMp2z5jNO7WBlg jHkh+Q+pHdx5IlBVw5D6ar1FsP7J9G8Nr7f9YIN64nzvmTd/c/phD+1oSkGv7B9x qIHMCNNYvkU/PiyENAMSKDGhI7xXsFVXGpmnJligZCtUYqTZ72modjpERmRORafn vRvdKeWaw/DIPxHODKlWIDtGmGuDFoT2uZs8P2K+Q+JC9d79Y/rM/pGT8VezCCUl l+/Z5yOayFIXL1pt2IkfUWi60Q20+Lq12/fxMxot8V5zA60N0F7GXkS0KjcoIxHC OI+iPTOeRzW9n5LHaOd+N1r702WoFd3+zLmamxNhRdCGkWm/CoDllyFM8GUHzQhm hpeOCSc3maeD0rmrSV5eAQfIcF2fEy+01QRDUgOb+/9MkX54d8qzy8ur5ie3gIjj fzm3f47ut6hQhoIll9Z/CLSW4JeNpv4dTNZLrZAxuV9m1UNLOz/o+rBUqYOuZw3v kyfha8Xh9X6w1Rh7u1YLrRTZIRDC6t0keGWAFyTT6hrWZ4LdYwUFdoCv+ApO9Hk/ /cs6eJJWYWyqsEC/WXECKO8k+oaJP9my2TF8N+G82rCEAwnY7R0= =1Owv - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYDNC0ONLKJtyKPYoAQii8BAAlim40z73w+wmoErKNjhTbgu2aLQFpVPo 8NyrNu5zqT3isEWshk4WGCMvgMRmrVLO1tjoAdiSlNlFM8ZLr1UqLmibximfiWS6 6mEf4xDSfDeddf8/QnmUysXzdFVLxVejRZgTNT1pjcVoVYttqmKEvcgRF6Koeezc YJvrUFEmJT0mygj7zdDdr8g+I8eN0gnqbLoTcZ3BdomVmR5kFD5NbSU7pffZJzfs Cy1uCEBL92+MSqtBjnMwqH5/kbPfPbGICJN8WgXreoAe3PY8zdhF0OXdP2MR7d3X 2b1bM9dUfi61/qmIwJustowGjBBfqXUvA/SP7hLiRzIh88w21paODRbr89Uv7jdu nAgcwhr8+RWurfsh+ZM0Sm1JhKkYftyNiOZe79SE//un5/5z5qmGEX+8fLXE5Rjz Ba2hOJPHP7apk9f6hhrmGHECblyH6XcqEh+5ldDcnzsIVjHYE7FAbJ7U7axbLrNF Ih+Prn2MRzCGQjp4y+sbqISoGppPHDVM5ZbbKGsKzq1vZUQZVkmWExj+4UVQ863b yA982/F20VQnwnbYyxV26/93MQYaF+NuylTS9QOIM8UI/jzkN3E4cOs/iVghptWj Ykq09aJXZwxsXg8tsUE4QMMgNtgi3iCwlL8FO1oBFmzjKhpM/XsAOeLWONvZTGKC XAZyVbTQAZc= =i+Ro -----END PGP SIGNATURE-----