CVE-2019-10064

Published: 28 February 2020

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
Upstream
Released (2:2.6-7)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2:2.9-1ubuntu2)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2:2.9-1ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2:2.9-1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2:2.6-15ubuntu2.5)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e
Binaries built from this source package are in Universe and so are supported by the community.