
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0655
                            wpa security update
                             22 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wpa
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0326  

Reference:         ESB-2021.0575
                   ESB-2021.0560

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2572

--------------------------BEGIN INCLUDED TEXT--------------------


-------------------------------------------------------------------------
Debian LTS Advisory DLA-2572-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 20, 2021                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wpa
Version        : 2:2.4-1+deb9u8
CVE ID         : CVE-2021-0326


An issue has been found in wpa, a set of tools to support WPA and WPA2 
(IEEE 802.11i).
Missing validation of data can result in a buffer over-write, which might 
lead to a DoS of the wpa_supplicant process or potentially arbitrary code 
execution.

On request, support for WPA-EAP-SUITE-B(-192) has also been enabled
with this upload.


For Debian 9 stretch, this problem has been fixed in version
2:2.4-1+deb9u8.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


--------------------------END INCLUDED TEXT--------------------

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================