Your submission was sent successfully! Close

USN-2650-1: wpa_supplicant and hostapd vulnerabilities

16 June 2015

wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.



  • wpa - client support for WPA and WPA2
  • wpasupplicant - client support for WPA and WPA2


Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to reboot your computer to make
all the necessary changes.