Package "wpagui"
| Name: |
wpagui
|
Description: |
graphical user interface for wpa_supplicant
|
| Latest version: |
2:2.9-1ubuntu4.6 |
| Release: |
focal (20.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
wpa |
| Homepage: |
http://w1.fi/wpa_supplicant/ |
Links
Download "wpagui"
Other versions of "wpagui" in Focal
Changelog
|
wpa (2:2.9-1ubuntu4.6) focal-security; urgency=medium
* SECURITY UPDATE: Side-channel attack due to cache access patterns.
- debian/patches/CVE-2022-2330x-x.patch: Add crypto function operators in
./src/crypto/crypto.h, .../crypto_openssl.c, and .../crypto_wolfssl.c.
Add dragonfly_sqrt() helper function in ./src/common/dragonfly.c. Change
coordinate calculations in ./src/eap_common/eap_pwd_common.c.
- CVE-2022-23303
- CVE-2022-23304
* SECURITY UPDATE: Encrypted element reusage.
- debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code()
and wpas_dpp_pkex_clear_code(), and clear code reusage in
./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c
- CVE-2022-37660
-- Hlib Korzhynskyy <email address hidden> Mon, 24 Feb 2025 16:44:55 -0330
|
| Source diff to previous version |
| CVE-2022-2330 |
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause t |
| CVE-2022-23303 |
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access p |
| CVE-2022-23304 |
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache acce |
| CVE-2022-37660 |
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public |
|
|
wpa (2:2.9-1ubuntu4.4) focal-security; urgency=medium
* SECURITY UPDATE: loading arbitrary shared objects, privilege escalation
- debian/patches/lib_engine_trusted_path.patch: Allow shared objects
to only be loaded from /usr/lib, thanks to mdeslaur
- CVE-2024-5290
-- Sudhakar Verma <email address hidden> Mon, 05 Aug 2024 17:49:49 +0530
|
| Source diff to previous version |
|
wpa (2:2.9-1ubuntu4.3) focal-security; urgency=medium
* SECURITY UPDATE: DoS and possible code execution via P2P provision
discovery requests
- debian/patches/CVE-2021-27803.patch: fix a corner case in peer
addition based on PD Request in src/p2p/p2p_pd.c.
- CVE-2021-27803
-- Marc Deslauriers <email address hidden> Mon, 01 Mar 2021 08:44:39 -0500
|
| Source diff to previous version |
| CVE-2021-27803 |
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could |
|
|
wpa (2:2.9-1ubuntu4.2) focal-security; urgency=medium
* SECURITY UPDATE: P2P discovery heap overflow
- debian/patches/CVE-2021-0326.patch: P2P: Fix copying of secondary
device types for P2P group client
- CVE-2021-0326
* SECURITY UPDATE: UPnP SUBSCRIBE misbehavior in WPS AP
- debian/patches/CVE-2020-12695-1.patch: WPS UPnP: Do not allow
event subscriptions with URLs to other networks
- debian/patches/CVE-2020-12695-2.patch: WPS UPnP: Fix event message
generation using a long URL path
- debian/patches/CVE-2020-12695-3.patch: WPS UPnP: Handle HTTP
initiation failures for events more properly
- CVE-2020-12695
-- Steve Beattie <email address hidden> Tue, 09 Feb 2021 22:29:47 -0800
|
| CVE-2021-0326 |
In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ... |
| CVE-2020-12695 |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on |
|
About
-
Send Feedback to @ubuntu_updates
