aboutsummaryrefslogtreecommitdiffstats
path: root/.gitattributes
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2019-05-17 23:22:02 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2019-06-21 10:29:23 +0200
commitb463a13881d3699c0f2d67ceeda146c76af58ac6 (patch)
tree117e73afb22cfa753cdc076a063ae22cd33fb194 /.gitattributes
parentfc1dae5be797f54d45f5a61ae17fe548e108dd0d (diff)
downloadupstream-b463a13881d3699c0f2d67ceeda146c76af58ac6.tar.gz
upstream-b463a13881d3699c0f2d67ceeda146c76af58ac6.tar.bz2
upstream-b463a13881d3699c0f2d67ceeda146c76af58ac6.zip
hostapd: fix multiple security problems
This fixes the following security problems: * CVE-2019-9494: cache attack against SAE * CVE-2019-9495: cache attack against EAP-pwd * CVE-2019-9496: SAE confirm missing state validation in hostapd/AP * CVE-2019-9497: EAP-pwd server not checking for reflection attack) * CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element * CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element * CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment Most of these problems are not relevant for normal users, SAE is only used in ieee80211s mesh mode and EAP-pwd is normally not activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to '.gitattributes')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 10:22:34 +0000