ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-08 22:12:49 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
b463a13881
openwrt/package/network
History
Hauke Mehrtens b463a13881 hostapd: fix multiple security problems 
This fixes the following security problems:
* CVE-2019-9494:  cache attack against SAE
* CVE-2019-9495:  cache attack against EAP-pwd
* CVE-2019-9496:  SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497:  EAP-pwd server not checking for reflection attack)
* CVE-2019-9498:  EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499:  EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment

Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-21 10:29:23 +02:00
..
config netifd: handle hotplug event socket errors 2019-02-02 20:48:32 +01:00
ipv6 map: drop default encaplimit value 2018-12-18 11:28:13 +01:00
services hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
utils curl: Fix multiple security problems 2019-05-30 12:15:20 +02:00