[SECURITY] [DLA 1733-1] wpa security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1733-1] wpa security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 28 Mar 2019 14:24:58 +0100
Message-id: <[🔎] 681463f5-11c6-7460-6bf2-0935289a8179@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wpa
Version        : 2.3-1+deb8u7
CVE ID         : CVE-2016-10743

It was found that the fallback mechanism for generating a WPS pin in
hostapd, an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
used a low quality pseudorandom number generator. This was resolved by
using only the high quality os_get_random function.

For Debian 8 "Jessie", this problem has been fixed in version
2.3-1+deb8u7.

We recommend that you upgrade your wpa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlycyypfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQfEhAAh4y5Tt2t1RtyQMPs+UxlgJF28lDtpXd1HIVhTyZt5lbroi5U4DH38Y+j
J96Uc2V7S3Mw8x35SE4MDWK0gMwxyd8NJos512NupLXjOIcMJh4364/XQn49JCgd
e+iNAbWFI/HZS0KbJ3HHxacwOP9PCboj1JH29U3HHCXERKqoMSZ8coGP04yG4CZ7
/JCpjUNq20Jyt1gyViREw25SbcZRkxq9hiA1ml894W8kNpl76m0JW+ud0RktG4jg
NzI3s4ROjWaUSQZSaKbdAk1Ux/beETsNuAr9HRbclgixw7ZsW7lnRJF7ZRjJCLkY
3jIAGVenNNd4xlaM74VB/zWo+G++oDtxqiEm64sPoiTYHLwq3cC7QaAbsp+zh4sV
uEaxi7pBC0rAI6nhqWmK2FuGS9P+7NinIHT4TpmRWon8YU4VfSnWOb46qh4q/5LP
gA75OI4aJ983sYp1KDKomoi8JJwypWzVVXFYuCb1bHX5jUasB54/KLbSs77xlmVf
L9WuUIBohXCXmPyUkx4h/1OafYPfIT7Tr2WvcCS3/R85K7MoImFNIMK9poRTNTed
UFvpb9bTvmv75eP6NshZbZ0AoE3KfNdeeA1q4iGlqOH+TNkErI+vk1mMbo5iwWYP
/PFJ0n/zv2slDigA2W+bUFTxyBJ1xWUCkBm1mbIAHsmb2uSTrIg=
=s7zI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1731-1] linux security update
Next by Date: [SECURITY] [DLA 1734-1] libraw security update
Previous by thread: [SECURITY] [DLA 1731-1] linux security update
Next by thread: [SECURITY] [DLA 1734-1] libraw security update
Index(es):
- Date
- Thread