Source: wpa
Version: 2:2.4-1
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for wpa.

CVE-2018-14526[0]:
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0
| through 2.6. Under certain conditions, the integrity of EAPOL-Key
| messages is not checked, leading to a decryption oracle. An attacker
| within range of the Access Point and client can abuse the
| vulnerability to recover sensitive information.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14526
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
[1] https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt

Regards,
Salvatore

Reply via email to