Format: 1.8
Date: Sat, 14 May 2016 22:37:10 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source i386
Version: 1.0-3+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Debian/Ubuntu wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authentica
 wpagui - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (1.0-3+deb7u4) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2016-4476 and CVE-2016-4477.
     A vulnerability was found in how hostapd and wpa_supplicant write the
     configuration file update for the WPA/WPA2 passphrase parameter. If this
     parameter has been updated to include control characters either through
     a WPS operation (CVE-2016-4476) or through local configuration change
     over the wpa_supplicant control interface (CVE-2016-4477), the resulting
     configuration file may prevent the hostapd and wpa_supplicant from
     starting when the updated file is used. In addition, for wpa_supplicant,
     it may be possible to load a local library file and execute code from
     there with the same privileges under which the wpa_supplicant process
     runs.