From Secunia advisory at $URL:
A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error within the "eap_server_tls_process_fragment()" function (eap_server/eap_server_tls_common.c) when handling fragment data within TLS messages. This can be exploited to cause a buffer overflow and crash the service via a specially crafted EAP-TLS message.
Successful exploitation requires that hostapd is configured to use the internal EAP authentication server.
The vulnerability is reported in versions 0.6 through 1.0.
Fixed in the GIT repository.
Patch included in hostapd-1.0-r4 - the rest is up to you :-)
(In reply to comment #1)
> Patch included in hostapd-1.0-r4 - the rest is up to you :-)
Arches, please test and mark stable:
Target KEYWORDS: "amd64 ppc x86"
Once marked stable, please remove every other version than 1.0-r4.
(In reply to comment #3)
> Once marked stable, please remove every other version than 1.0-r4.
Cleanup done, security please vote.
Heap-based buffer overflow in the eap_server_tls_process_fragment function
in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6
through 1.0 allows remote attackers to cause a denial of service (crash or
abort) via a small "TLS Message Length" value in an EAP-TLS message with the
"More Fragments" flag set.
GLSA vote: no.
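
The bug class named in the CVE description above (a reassembly buffer sized from a small declared "TLS Message Length", then filled from fragments sent with "More Fragments" set), shown with the bounds check that prevents it. This is an added example, not hostapd's code or its patch; the struct, function names and MAX_TLS_MSG limit are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly state; not hostapd's own structures. */
struct reasm {
    uint8_t *buf;  /* heap buffer sized from the declared total */
    size_t size;   /* peer-declared "TLS Message Length" */
    size_t used;   /* bytes copied so far */
};

enum { FRAG_REJECT = -1, FRAG_OK = 0, FRAG_COMPLETE = 1 };

#define MAX_TLS_MSG 65536u /* assumed upper bound for this example */

void reasm_free(struct reasm *r)
{
    free(r->buf);
    memset(r, 0, sizeof(*r));
}

/* First fragment: allocate from the length the peer declared. */
int reasm_start(struct reasm *r, size_t declared_len)
{
    memset(r, 0, sizeof(*r));
    if (declared_len == 0 || declared_len > MAX_TLS_MSG)
        return FRAG_REJECT;
    r->buf = malloc(declared_len);
    if (r->buf == NULL)
        return FRAG_REJECT;
    r->size = declared_len;
    return FRAG_OK;
}

/* Append one fragment. The declared length is untrusted, so each
 * fragment is checked against the room left, not against the wire. */
int reasm_append(struct reasm *r, const uint8_t *frag, size_t len, int more)
{
    /* used <= size always holds, so the subtraction cannot wrap. */
    if (r->buf == NULL || len > r->size - r->used) {
        reasm_free(r); /* drop the whole message on overflow */
        return FRAG_REJECT;
    }
    memcpy(r->buf + r->used, frag, len);
    r->used += len;
    if (more)
        return FRAG_OK;
    /* This model also rejects a final total that differs from the declared one. */
    return r->used == r->size ? FRAG_COMPLETE : FRAG_REJECT;
}
```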