Changeset 48185

Timestamp:
2016-01-10T18:03:37+01:00 (2 years ago)
Author:
nbd
Message:

hostapd: fix post v2.4 security issues

  • WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141)
  • EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143)
  • EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143)
  • EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145)
  • EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145)
  • EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146)
  • NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041)
  • WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310)
  • EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315)
  • EAP-pwd server: Fix last fragment length validation (CVE-2015-5314)
  • EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316)

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@…>

Location:
trunk/package/network/services/hostapd/patches
Files:
11 added

Note: See TracChangeset for help on using the changeset viewer.