CVE-2019-10064
Published: 28 February 2020
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Priority
Low
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
wpa Launchpad, Ubuntu, Debian |
Upstream |
Released
(2:2.6-7)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(2:2.6-15ubuntu2.5)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
Patches: Upstream: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||