Ubuntu Security Notices
USN-2650-1

USN-2650-1: wpa_supplicant and hostapd vulnerabilities

Publication date

16 June 2015

Overview

wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

Releases

15.04 14.10 14.04 LTS 12.04

Packages

wpa - client support for WPA and WPA2
wpasupplicant - client support for WPA and WPA2

Details

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
15.04 vivid	hostapd – 2.1-0ubuntu7.2
15.04 vivid	wpasupplicant – 2.1-0ubuntu7.2
14.10 utopic	hostapd – 2.1-0ubuntu4.2
14.10 utopic	wpasupplicant – 2.1-0ubuntu4.2
14.04 trusty	hostapd – 1:2.1-0ubuntu1.3
14.04 trusty	wpasupplicant – 2.1-0ubuntu1.3
12.04 precise	wpasupplicant – 0.7.3-6ubuntu2.4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›