-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 15 Sep 2019 18:47:15 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source amd64
Version: 2.3-1+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2.3-1+deb8u9) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2019-16275:
     hostapd (and wpa_supplicant when controlling AP mode) did not perform
     sufficient source address validation for some received Management frames
     and this could result in ending up sending a frame that caused associated
     stations to incorrectly believe they were disconnected from the network
     even if management frame protection (also known as PMF) was negotiated for
     the association. This could be considered to be a denial of service
     vulnerability since PMF is supposed to protect from this type of issues.
     It should be noted that if PMF is not enabled, there would be no protocol
     level protection against this type of denial service attacks.
 .
     An attacker in radio range of the access point could inject a specially
     constructed unauthenticated IEEE 802.11 frame to the access point to cause
     associated stations to be disconnected and require a reconnection to the
     network.