diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-05-17 23:22:02 +0200 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-06-21 10:29:23 +0200 |
| commit | b463a13881d3699c0f2d67ceeda146c76af58ac6 (patch) | |
| tree | 117e73afb22cfa753cdc076a063ae22cd33fb194 /package/network/services/hostapd/Makefile | |
| parent | fc1dae5be797f54d45f5a61ae17fe548e108dd0d (diff) | |
| download | upstream-b463a13881d3699c0f2d67ceeda146c76af58ac6.tar.gz upstream-b463a13881d3699c0f2d67ceeda146c76af58ac6.tar.bz2 upstream-b463a13881d3699c0f2d67ceeda146c76af58ac6.zip | |
hostapd: fix multiple security problems
This fixes the following security problems:
* CVE-2019-9494: cache attack against SAE
* CVE-2019-9495: cache attack against EAP-pwd
* CVE-2019-9496: SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497: EAP-pwd server not checking for reflection attack)
* CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment
Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network/services/hostapd/Makefile')
| -rw-r--r-- | package/network/services/hostapd/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index dacdf701b9..b548ecdf1b 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=5 +PKG_RELEASE:=6 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git |