From secunia advisory at $URL: Description A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error within the "eap_server_tls_process_fragment()" function (eap_server/eap_server_tls_common.c) when handling fragment data within TLS messages. This can be exploited to cause a buffer overflow and crash the service via a specially crafted EAP-TLS message. Successful exploitation requires that hostapd is configured to use the internal EAP authentication server. The vulnerability is reported in versions 0.6 through 1.0. Solution Fixed in the GIT repository. http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de
Patch included in hostapd-1.0-r4 - the rest is up to you :-)
(In reply to comment #1) > Patch included in hostapd-1.0-r4 - the rest is up to you :-) Thanks. Arches, please test and mark stable: =net-wireless/hostapd-1.0-r4 Target KEYWORDS: "amd64 ppc x86"
Once marked stable, please remove every other version than 1.0-r4. Thanks
x86 done
amd64 stable
stable ppc
(In reply to comment #3) > Once marked stable, please remove every other version than 1.0-r4. > > Thanks Cleanup done, security please vote.
CVE-2012-4445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4445): Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
Vote: no.
GLSA vote: no. Closing noglsa.