[Buildroot] [PATCH v2 1/2] package/hostapd: add upstream 2019-1, 2, 3, 4 security patches
Peter Korsgaard
peter at korsgaard.com
Wed Apr 24 19:50:40 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> - CVE-2019-9494 (cache attack against SAE)
> For details, see the advisory:
> https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
> - CVE-2019-9495 (cache attack against EAP-pwd)
> For details, see the advisory:
> https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
> - CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
> For details, see the advisory:
> https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
> - CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
> - CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
> - CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
> For details, see the advisory:
> https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
> Notice that SAE is not currently enabled in Buildroot, but the patches are
> included here anyway for completeness.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list