Debian 10218 Published by

A wpa security update has been released for Debian GNU/Linux 8 Extended LTS to address a buffer over-write.



ELA-370-1 wpa security update

Package wpa
Version 2.3-1+deb8u12
Related CVEs CVE-2021-0326

An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpa_supplicant process or potentially arbitrary code execution.

The mentioned support for WPA-EAP-SUITE-B(-192) in the changelog does not affect the version in Jessie.

For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u12.

We recommend that you upgrade your wpa packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-370-1 wpa security update