subject:"\[OE\-core\] \[PATCH\] wpa_supplicant\: Security Advisory\-wpa_supplicant\-CVE\-2016\-4476"

Re: [OE-core] [PATCH] wpa_supplicant: Security Advisory-wpa_supplicant-CVE-2016-4476

2016-09-21 Thread Burton, Ross

On 21 September 2016 at 03:47, Zhixiong Chi wrote: > +From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001 > +From: Jouni Malinen > +Date: Fri, 4 Mar 2016 17:20:18 +0200 > +Subject: [PATCH 1/2] WPS: Reject a Credential with

[OE-core] [PATCH] wpa_supplicant: Security Advisory-wpa_supplicant-CVE-2016-4476

2016-09-20 Thread Zhixiong Chi

Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ Signed-off-by: Zhixiong Chi ---