USN-2650-1: wpa_supplicant and hostapd vulnerabilities
16 June 2015
wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.
- wpa - client support for WPA and WPA2
- wpasupplicant - client support for WPA and WPA2
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.