[SECURITY] [DTSA-35-1] New aircrack-ng packages fix programming error
- Subject: [SECURITY] [DTSA-35-1] New aircrack-ng packages fix programming error
- From: sf at sfritsch.de (Stefan Fritsch)
- Date: Tue, 22 May 2007 19:47:27 +0200
- Message-id: <[🔎] E1HqYSF-0007np-Bv@k.lan>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-35-1 May 16th, 2007
secure-testing-team at lists.alioth.debian.org Stefan Fritsch
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------
Package : aircrack-ng
Vulnerability : programming error
Problem-Scope : remote
Debian-specific: No
CVE ID : CVE-2007-2057
It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs
insufficient validation of 802.11 authentication packets, which allows the
execution of arbitrary code.
For the testing distribution (etch) this is fixed in version
1:0.8-0.1lenny1
Packages for the alpha, mipsel, and powerpc architectures are still missing and will
be released when they become available.
For the unstable distribution (sid) this is fixed in version
1:0.7-3
This upgrade is recommended if you use aircrack-ng.
Upgrade Instructions
- --------------------
To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
To install the update, run this command as root:
apt-get update && apt-get install aircrack-ng
For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGUyyvbxelr8HyTqQRAgFTAJwJBxgSz+zhijwz883/S/jLUx1VTgCgtkyB
72owAarOLrUpcSMVfcyK/Tk=
=5HPR
-----END PGP SIGNATURE-----
Reply to: