hostapd-2.6-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10022 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z hostapd-2.6-1.1 on GA media These are all security issues fixed in the hostapd-2.6-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10022 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10022 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-3686/ SUSE CVE CVE-2014-3686 page https://www.suse.com/security/cve/CVE-2015-1863/ SUSE CVE CVE-2015-1863 page https://www.suse.com/security/cve/CVE-2015-4141/ SUSE CVE CVE-2015-4141 page https://www.suse.com/security/cve/CVE-2015-4142/ SUSE CVE CVE-2015-4142 page https://www.suse.com/security/cve/CVE-2015-4143/ SUSE CVE CVE-2015-4143 page https://www.suse.com/security/cve/CVE-2015-4144/ SUSE CVE CVE-2015-4144 page https://www.suse.com/security/cve/CVE-2015-4145/ SUSE CVE CVE-2015-4145 page https://www.suse.com/security/cve/CVE-2015-5314/ SUSE CVE CVE-2015-5314 page https://www.suse.com/security/cve/CVE-2016-4476/ SUSE CVE CVE-2016-4476 page openSUSE Tumbleweed hostapd-2.6-1.1 hostapd-2.6-1.1 as a component of openSUSE Tumbleweed wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. CVE-2014-3686 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3686.html CVE-2014-3686 https://bugzilla.suse.com/1063667 SUSE Bug 1063667 https://bugzilla.suse.com/900611 SUSE Bug 900611 https://bugzilla.suse.com/915323 SUSE Bug 915323 Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. CVE-2015-1863 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate 3.2 AV:A/AC:H/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1863.html CVE-2015-1863 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/927558 SUSE Bug 927558 The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. CVE-2015-4141 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4141.html CVE-2015-4141 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/930077 SUSE Bug 930077 Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. CVE-2015-4142 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4142.html CVE-2015-4142 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/930078 SUSE Bug 930078 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. CVE-2015-4143 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4143.html CVE-2015-4143 https://bugzilla.suse.com/930079 SUSE Bug 930079 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. CVE-2015-4144 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4144.html CVE-2015-4144 https://bugzilla.suse.com/930079 SUSE Bug 930079 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. CVE-2015-4145 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4145.html CVE-2015-4145 https://bugzilla.suse.com/930079 SUSE Bug 930079 The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. CVE-2015-5314 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5314.html CVE-2015-5314 https://bugzilla.suse.com/953115 SUSE Bug 953115 hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. CVE-2016-4476 openSUSE Tumbleweed:hostapd-2.6-1.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4476.html CVE-2016-4476 https://bugzilla.suse.com/978172 SUSE Bug 978172