| Summary: | <net-wireless/hostapd-2.6: Multiple vulnerabilities (CVE-2016-4476) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | gurligebis |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://w1.fi/cgit/hostap/plain/hostapd/ChangeLog | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=596042 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | =net-wireless/hostapd-2.6 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | 596324 | | |
| Bug Blocks: | | | |

Description
Thomas Deutschmann (RETIRED)
2016-10-03 13:19:39 UTC
@ maintainer(s): Upstream has released v2.6 which contains fixes for the reported vulnerabilities. After the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Bumped, please stabilize and then remove the old version.

@ Maintainer: Thank you for your work!

@ Arches, please test and mark stable: =net-wireless/hostapd-2.6

Stable targets: amd64 ppc x86

amd64 stable

x86 stable

CVE-2016-4476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4476): hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

ppc stable. Maintainer(s), please cleanup. Security, please vote.

GLSA Vote: No