*** This bug is a duplicate of bug 1723909 ***
https://bugs.launchpad.net/bugs/1723909
Please see https://usn.ubuntu.com/usn/usn-3455-1/
** Information type changed from Public to Public Security
** This bug has been marked a duplicate of bug 1723909
[security] WPA2: Many vulnerabilities discovered
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to wpa in Ubuntu.
https://bugs.launchpad.net/bugs/1724094
Title:
wpasupplicant nonce vulnerability (DSA-3999-1)
Status in wpa package in Ubuntu:
New
Bug description:
Having asked "When is this going to be merged into the Ubuntu package
set?" question #659543 I was advised to raise this as a bug by
"actionparsnip":
Given this, please would you investigate the following security
vulnerability as a bug:
wpasupplicant nonce vulnerability (DSA-3999-1):
In Mitre's CVE dictionary the following vulnerabilities for wpa
clients have been identified: CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Details from the Debian Security Advisory is here
https://www.debian.org/security/2017/dsa-3999
As the Debian wpasupplicant Maintainers have already provided a patch:
For the oldstable distribution (jessie), these problems have been fixed in
version 2.3-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in
version 2:2.4-1+deb9u1.
For the testing distribution (buster), these problems have been fixed in
version 2:2.4-1.1.
For the unstable distribution (sid), these problems have been fixed in
version 2:2.4-1.1.
I believe this covers LTS 14.04, 16.04 and all versions of Ubuntu
after 16.04 (16.10, 17.04, 17.10)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1724094/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
