ELA-370-1 wpa security update

buffer over-write

2021-02-20
Packagewpa
Version2.3-1+deb8u12
Related CVEs CVE-2021-0326

An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpa_supplicant process or potentially arbitrary code execution.

The mentioned support for WPA-EAP-SUITE-B(-192) in the changelog does not affect the version in Jessie.

For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u12.

We recommend that you upgrade your wpa packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/