[Buildroot] [PATCH 1/2] package/hostapd: add upstream 2019-1, 2, 3 security patches

Peter Korsgaard peter at korsgaard.com
Thu Apr 11 11:02:31 UTC 2019


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Hi Peter,
 > On Thu, Apr 11, 2019 at 12:42:13PM +0200, Peter Korsgaard wrote:
 >> Fixes the following security vulnerabilities:
 >> 
 >> - CVE-2019-9494 (cache attack against SAE)
 >> 
 >> For details, see the advisory:
 >> https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
 >> 
 >> - CVE-2019-9495 (cache attack against EAP-pwd)
 >> 
 >> For details, see the advisory:
 >> https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
 >> 
 >> - CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
 >> 
 >> For details, see the advisory:
 >> https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
 >> 
 >> Notice that SAE is not currently enabled in Buildroot, but the patches are
 >> included here anyway for completeness.

 > What about CVE-2019-949{7,8,9}?

 > https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

Ups, I missed the advisory for those. I'l update and send a v2.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list