USN-2650-1: wpa_supplicant and hostapd vulnerabilities

Publication date

16 June 2015

Overview

wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.


Packages

  • wpa - client support for WPA and WPA2
  • wpasupplicant - client support for WPA and WPA2

Details

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
15.04 vivid hostapd –  2.1-0ubuntu7.2
wpasupplicant –  2.1-0ubuntu7.2
14.10 utopic hostapd –  2.1-0ubuntu4.2
wpasupplicant –  2.1-0ubuntu4.2
14.04 trusty hostapd –  1:2.1-0ubuntu1.3
wpasupplicant –  2.1-0ubuntu1.3
12.04 precise wpasupplicant –  0.7.3-6ubuntu2.4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›