Debian 10230 Published by

Updated wpa packages has been released for Debian GNU/Linux 8 LTS



Package : wpa
Version : 2.3-1+deb8u6
CVE ID : CVE-2018-14526
Debian Bug : 905739

The following vulnerability was discovered in wpa_supplicant.

CVE-2018-14526:
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
| through 2.6. Under certain conditions, the integrity of EAPOL-Key
| messages is not checked, leading to a decryption oracle. An attacker
| within range of the Access Point and client can abuse the
| vulnerability to recover sensitive information.

For Debian 8 "Jessie", this problem has been fixed in version
2.3-1+deb8u6.

We recommend that you upgrade your wpa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS.
  WPA Security Update for Debian 8 LTS