[ubuntu/focal-security] wpa 2:2.9-1ubuntu4.6 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Mon Mar 3 19:18:58 UTC 2025
wpa (2:2.9-1ubuntu4.6) focal-security; urgency=medium
* SECURITY UPDATE: Side-channel attack due to cache access patterns.
- debian/patches/CVE-2022-2330x-x.patch: Add crypto function operators in
./src/crypto/crypto.h, .../crypto_openssl.c, and .../crypto_wolfssl.c.
Add dragonfly_sqrt() helper function in ./src/common/dragonfly.c. Change
coordinate calculations in ./src/eap_common/eap_pwd_common.c.
- CVE-2022-23303
- CVE-2022-23304
* SECURITY UPDATE: Encrypted element reusage.
- debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code()
and wpas_dpp_pkex_clear_code(), and clear code reusage in
./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c
- CVE-2022-37660
Date: 2025-03-03 16:37:12.243804+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list