Sicherheit: Zwei Probleme in wpa_supplicant

Lesezeichen hinzufügen

--===============6909420854837479858==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="bda7maMjJbTZ4Ov1"
Content-Disposition: inline

--bda7maMjJbTZ4Ov1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4734-1
February 11, 2021

wpa vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in wpa_supplicant and hostapd.

Software Description:
- wpa: client support for WPA and WPA2

Details:

It was discovered that wpa_supplicant did not properly handle P2P
(Wi-Fi Direct) group information in some situations, leading to a
heap overflow. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe
messages in some circumstances. An attacker could use this to cause a
denial of service. (CVE-2020-12695)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
hostapd 2:2.9-1ubuntu8.1
wpasupplicant 2:2.9-1ubuntu8.1

Ubuntu 20.04 LTS:
hostapd 2:2.9-1ubuntu4.2
wpasupplicant 2:2.9-1ubuntu4.2

Ubuntu 18.04 LTS:
hostapd 2:2.6-15ubuntu2.7
wpasupplicant 2:2.6-15ubuntu2.7

Ubuntu 16.04 LTS:
hostapd 1:2.4-0ubuntu6.7
wpasupplicant 2.4-0ubuntu6.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4734-1
CVE-2020-12695, CVE-2021-0326

Package Information:
https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu8.1
https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.2
https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.7
https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7

--bda7maMjJbTZ4Ov1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAmAlrtsACgkQLwmejQBe
gfQV3A/7Bb3tCy8YirDJsV9dxdObSri6ZoxnS67Ecztiv6vU29VvjjuUV9NDD6kT
9Mp5wvOhnSeRHw432/AQ+8cI8e8toDTEIkWfmvUOyU6O7Oea3SgIULOpa7bUJXv7
je7b2jc01uQMaA5AAlqOiZEdFN4OyOYNCTtu4NRMQCToDtvYQKPmFj1LX9VLNV0H
sDzq9FSBgfvWAXMg0retN0TQb4zrEeiGhMhTz7q71w3fAzgTrMDpxNJ3T65tVh0w
jcT1Kd3uINn/sLQSaB9HF1745nzyx1V/fM7hVTECNpoCLNKQLQGCrxFcxOVewsrQ
BM45tQeCXg1NNc1I4WSkjcF+rgPntfB/NxkyE6NkhObFJoctRtVzZiucmHVRRSU/
8InQ2VlxawreVp48JMbDM6uL1w8BoGBPw8gLZhVbPgRG9VvkSLsaz11WqD1hVqY+
fcaHJJyws+JptOxEe928ArV6nKiyI1SMDmG2b5Pma8eADsBFM0coODgvQTJlhSSA
pdh0zzL4Ru6vGT6dPaRbamBIunjWZkf1E1emcPoc2tNXIuLvy6v0K5q4/5p5RIK6
vElpx5E6LSG4N3EEMVnc2PAlSOQ955Z0j6yXEubquJk/Z3n7I+NwJ3wWgYRHQGjm
bPhUP1gApDnfbtEv1bmGLGSJ81tuiZ0hVAGzhPjSlIBhFRSL+5c=
=0ofw
-----END PGP SIGNATURE-----

--bda7maMjJbTZ4Ov1--

--===============6909420854837479858==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce