-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-35-1                  May 16th, 2007
secure-testing-team@lists.alioth.debian.org                 Stefan Fritsch
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------

Package        : aircrack-ng
Vulnerability  : programming error
Problem-Scope  : remote
Debian-specific: No
CVE ID         : CVE-2007-2057 

It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs 
insufficient validation of 802.11 authentication packets, which allows the 
execution of arbitrary code.

For the testing distribution (etch) this is fixed in version
1:0.8-0.1lenny1

Packages for the alpha, mipsel, and powerpc architectures are still missing and
 will
be released when they become available.

For the unstable distribution (sid) this is fixed in version
1:0.7-3

This upgrade is recommended if you use aircrack-ng.

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get install aircrack-ng

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGUyyvbxelr8HyTqQRAgFTAJwJBxgSz+zhijwz883/S/jLUx1VTgCgtkyB
72owAarOLrUpcSMVfcyK/Tk=
=5HPR
-----END PGP SIGNATURE-----

_______________________________________________
secure-testing-announce mailing list
secure-testing-announce@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce