[ubuntu/disco-updates] wpa 2:2.6-21ubuntu3.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Aug 14 13:28:11 UTC 2019
wpa (2:2.6-21ubuntu3.2) disco-security; urgency=medium
* SECURITY UPDATE: SAE/EAP-pwd side-channel attack w/Brainpool curves
- debian/patches/CVE-2019-13377-2.patch: use const_time_memcmp() for
pwd_value >= prime comparison in src/eap_common/eap_pwd_common.c.
- debian/patches/CVE-2019-13377-3.patch: use BN_bn2binpad() or
BN_bn2bin_padded() if available in src/crypto/crypto_openssl.c.
- debian/patches/CVE-2019-13377-5.patch: run through prf result
processing even if it >= prime in src/eap_common/eap_pwd_common.c.
- debian/patches/CVE-2019-13377-pre6.patch: disallow ECC groups with a
prime under 256 bits in src/eap_common/eap_pwd_common.c.
- debian/patches/CVE-2019-13377-6.patch: disable use of groups using
Brainpool curves in src/eap_common/eap_pwd_common.c.
- CVE-2019-13377
Date: 2019-08-13 18:42:13.979155+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/wpa/2:2.6-21ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list