[ubuntu/xenial-proposed] wpa 2.4-0ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Nov 10 18:55:31 UTC 2015 

wpa (2.4-0ubuntu5) xenial; urgency=medium

  * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
    - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
      Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
    - CVE-2015-5310
  * SECURITY UPDATE: EAP-pwd missing last fragment length validation
    - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
      validation in src/eap_peer/eap_pwd.c.
    - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
      validation in src/eap_server/eap_server_pwd.c.
    - CVE-2015-5315
  * SECURITY UPDATE: EAP-pwd peer error path failure on unexpected Confirm
    message
    - debian/patches/CVE-2015-5316.patch: fix error path in
      src/eap_peer/eap_pwd.c.
    - CVE-2015-5316
  * SECURITY UPDATE: denial of service in NDEF record parser
    - debian/patches/CVE-2015-8041.patch: validate payload lengths in
      src/wps/ndef.c.
    - CVE-2015-8041

Date: Tue, 10 Nov 2015 13:38:25 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Nov 2015 13:38:25 -0500
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.4-0ubuntu5
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Changes:
 wpa (2.4-0ubuntu5) xenial; urgency=medium
 .
   * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
     - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
       Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
     - CVE-2015-5310
   * SECURITY UPDATE: EAP-pwd missing last fragment length validation
     - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
       validation in src/eap_peer/eap_pwd.c.
     - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
       validation in src/eap_server/eap_server_pwd.c.
     - CVE-2015-5315
   * SECURITY UPDATE: EAP-pwd peer error path failure on unexpected Confirm
     message
     - debian/patches/CVE-2015-5316.patch: fix error path in
       src/eap_peer/eap_pwd.c.
     - CVE-2015-5316
   * SECURITY UPDATE: denial of service in NDEF record parser
     - debian/patches/CVE-2015-8041.patch: validate payload lengths in
       src/wps/ndef.c.
     - CVE-2015-8041
Checksums-Sha1:
 6431474eadd8b7b8eefc663aff79b398f5c23a61 2560 wpa_2.4-0ubuntu5.dsc
 763b1ef030fa19ce49eed18f81ff60d694e5ba55 88068 wpa_2.4-0ubuntu5.debian.tar.xz
Checksums-Sha256:
 d4e1d55d57cfe5cb518589c221ec03fc8a6eb4519387db7f5b320f53008643f1 2560 wpa_2.4-0ubuntu5.dsc
 bb2ce17f4e940ffe290da2aadc0f3c222a38b7c72f6b56bacb041d00233597da 88068 wpa_2.4-0ubuntu5.debian.tar.xz
Files:
 6401871d8875ae412cffe86593e209bc 2560 net optional wpa_2.4-0ubuntu5.dsc
 9f36037b1bf3bdb9ed1bcb59bcfd5dc1 88068 net optional wpa_2.4-0ubuntu5.debian.tar.xz
Original-Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWQj1CAAoJEGVp2FWnRL6ThkEP/igm9RgthRTqlza/AN22Te+a
WL59Uhh8+fT/BkfjtxFY+C3Hj8QEBOUalTDWi4hjeAOOYRwkyxURNNODY2Uv1Y2z
InQ60sn/tdpXXIpgCS0SecqZbJkRLOec0FwQP1croINtAjwWfNv/DREOk1DFRDko
T4hOLOZnuopZYA9DJI+mjmp7yjxA4Re4no/uocqxASVwPL56venVo2YPMWbUJa5S
HBUqmXp2RdY9DUKp8qezz8NcayeN/F6FDeUpMaG/Y4e07iFmUikGNm5bHERLIGpC
eFN4X3ev3b5yW4nyeGjV7vGf9iKMj0P5gvjv3p9qGuF4ksQKWpSppnN+Cw6z3DbR
61vZMhQUMSZQELgB09wo8A7ZTgwSqRrG2Qf2GG7XqqDa9fg8TLinJVxWsuouGJ9K
ozSNjs2GMAqepQvCFr1471/FWv5CmPZvsGj6jBaXyv8tt0CfFTPV4Uj+gKKXbvJC
VQ+0cImewDfHuojtKmRl81I+TSSic7JmkfzmJHZTWSXMpEtgfCFcjomV3WIrxF0W
X2fgfJsIWMb/qGl6hvyuj2FDRPQk3n5nDjs9GFFuu29kep5NCW7wjEpV5LsFJIfv
A4gqX6u+Cxcz2/DjItRP50TZyWXKS/CGD63pkG54ypyWdlexv2Ytsi195qYVhGjR
cF/Syc5LL8TZvO3xEfPe
=7iIR
-----END PGP SIGNATURE-----

More information about the Xenial-changes mailing list