-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : wpa Version : 2.3-1+deb8u9 CVE ID : CVE-2019-16275 Debian Bug : 940080
hostapd (and wpa_supplicant when controlling AP mode) did not perform sufficient source address validation for some received Management frames and this could result in ending up sending a frame that caused associated stations to incorrectly believe they were disconnected from the network even if management frame protection (also known as PMF) was negotiated for the association. This could be considered to be a denial of service vulnerability since PMF is supposed to protect from this type of issues. For Debian 8 "Jessie", this problem has been fixed in version 2.3-1+deb8u9. We recommend that you upgrade your wpa packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl1/ryhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTdaw//exDv5LaC2gDMR2OVp4OQj2aaEpWfrZQ1dyL5t05qIp9HoU9I1bTUOmTn TaBYNZwwp2AMQ1voy6gAMtMf6VFu8JRYVzq3UiSg3IbtzQN2/A2Hd/z/l/WTgxrD aPEliuSLIl4t37WIVEKFbT7ko95O8S35h7AlWRMr8pg/d9bbWx334P2S7/6JeegB pUJGFNBR3MQq+tiYtKwF29sqT2UF9wngnCSJT9KzS+WBgX95SOYW9U9Oc0zQehOp NQUv5nbqLFHw4YKIHah6XgsO7N9X57mFjWe/R83b75yd0rH9qAQSy9/+px9lAmTM ExYEV2PPS9yp/JgIQHZm9XA+GrT75Fi2mX8ozfJNhJWM8ggwLHxu+uTln0ZXA6PH fjMs3JIcNyooe9sLSE5lM6Iz0+Xt6B3Ln2Yy7k9rO/fFbCCqypVwrPcfCP2ooMYU 3LcSzV6X6Oz3pvMEYBF6t4U2h/4/UJg0dxALoBXGYTPCrkQQxO0ERzqj3Pbhuqxn KbGHO6ArFGMG2eSMU6KZrT+JFpOxTMjuSRRwJIbIiJ8K2gsnO/tnScewtffxvT/b Be2b9oV/YcDHyTchCDmp37+JGaseaFJym0IRNYEEDGFHnyneKQIFMpa1PEyrHJKo hy/EGamtFBqduqAx4vGeEt/6sGi5M5koV/LZnm3xBW78xjLVh1Y= =K1cc -----END PGP SIGNATURE-----
