| Description: | Summary:
The remote host is missing an update for the Debian 'wpa' package(s) announced via the DSA-4898-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in wpa_supplicant and hostapd.
CVE-2020-12695
It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service.
CVE-2021-0326
It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.
CVE-2021-27803
It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.
For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.
We recommend that you upgrade your wpa packages.
For the detailed security status of wpa please refer to its security tracker page at: [link moved to references]
Affected Software/OS:
'wpa' package(s) on Debian 10.
Solution:
Please install the updated package(s).
CVSS Score:
7.9
CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C
|
