Security update for wpa_supplicant SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2357-1 Final 1 1 2016-09-23T11:02:02Z current 2016-09-23T11:02:02Z 2016-09-23T11:02:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wpa_supplicant This update for wpa_supplicant fixes the following issues: - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077) - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. (bnc#930078) - CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079) - CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254) - CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-09/msg00075.html E-Mail link for openSUSE-SU-2016:2357-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 wpa_supplicant-2.2-8.1 wpa_supplicant-gui-2.2-8.1 wpa_supplicant-2.2-8.1 as a component of openSUSE Leap 42.1 wpa_supplicant-gui-2.2-8.1 as a component of openSUSE Leap 42.1 The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. CVE-2015-4141 openSUSE Leap 42.1:wpa_supplicant-2.2-8.1 openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00075.html https://www.suse.com/security/cve/CVE-2015-4141.html CVE-2015-4141 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/930077 SUSE Bug 930077 Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. CVE-2015-4142 openSUSE Leap 42.1:wpa_supplicant-2.2-8.1 openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00075.html https://www.suse.com/security/cve/CVE-2015-4142.html CVE-2015-4142 https://bugzilla.suse.com/915323 SUSE Bug 915323 https://bugzilla.suse.com/930078 SUSE Bug 930078 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. CVE-2015-4143 openSUSE Leap 42.1:wpa_supplicant-2.2-8.1 openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00075.html https://www.suse.com/security/cve/CVE-2015-4143.html CVE-2015-4143 https://bugzilla.suse.com/930079 SUSE Bug 930079 The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. CVE-2015-5310 openSUSE Leap 42.1:wpa_supplicant-2.2-8.1 openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00075.html https://www.suse.com/security/cve/CVE-2015-5310.html CVE-2015-5310 https://bugzilla.suse.com/952254 SUSE Bug 952254 https://bugzilla.suse.com/953115 SUSE Bug 953115 Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. CVE-2015-8041 openSUSE Leap 42.1:wpa_supplicant-2.2-8.1 openSUSE Leap 42.1:wpa_supplicant-gui-2.2-8.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00075.html https://www.suse.com/security/cve/CVE-2015-8041.html CVE-2015-8041 https://bugzilla.suse.com/937419 SUSE Bug 937419