[Buildroot] [PATCH 1/2] package/hostapd: add upstream 2019-1, 2, 3 security patches
Peter Korsgaard
peter at korsgaard.com
Thu Apr 11 11:02:31 UTC 2019
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Hi Peter,
> On Thu, Apr 11, 2019 at 12:42:13PM +0200, Peter Korsgaard wrote:
>> Fixes the following security vulnerabilities:
>>
>> - CVE-2019-9494 (cache attack against SAE)
>>
>> For details, see the advisory:
>> https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
>>
>> - CVE-2019-9495 (cache attack against EAP-pwd)
>>
>> For details, see the advisory:
>> https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
>>
>> - CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
>>
>> For details, see the advisory:
>> https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
>>
>> Notice that SAE is not currently enabled in Buildroot, but the patches are
>> included here anyway for completeness.
> What about CVE-2019-949{7,8,9}?
> https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Oops, I missed the advisory for those. I'll update and send a v2.
--
Bye, Peter Korsgaard