mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 07:22:33 +00:00
b463a13881
This fixes the following security problems: * CVE-2019-9494: cache attack against SAE * CVE-2019-9495: cache attack against EAP-pwd * CVE-2019-9496: SAE confirm missing state validation in hostapd/AP * CVE-2019-9497: EAP-pwd server not checking for reflection attack) * CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element * CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element * CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment Most of these problems are not relevant for normal users, SAE is only used in ieee80211s mesh mode and EAP-pwd is normally not activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> |
||
---|---|---|
.. | ||
dnsmasq | ||
dropbear | ||
ead | ||
hostapd | ||
igmpproxy | ||
ipset-dns | ||
lldpd | ||
odhcpd | ||
omcproxy | ||
openvpn | ||
openvpn-easy-rsa | ||
ppp | ||
relayd | ||
samba36 | ||
uhttpd | ||
umdns | ||
wireguard |