-------------------------------------------------------------------------
Debian LTS Advisory DLA-3743-1              debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Chris Lamb
February 27, 2024                           https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wpa
Version        : 2:2.7+git20190128+0c1e29f-6+deb10u4
CVE ID         : CVE-2023-52160
Debian Bug     : 1064061

It was discovered that there was a potential authentication bypass
vulnerability in wpa, a set of tools including the widely-used
wpasupplicant client for authenticating with WPA and WPA2 wireless
networks.

For an attack to have been successful, wpasupplicant must have been
configured to not verify the network's TLS certificate during Phase 1
of the authentication cycle; an eap_peap_decrypt vulnerability could
have been used to skip Phase 2 authentication by sending an EAP-TLV
"Success" packet instead of starting Phase 2.

For Debian 10 buster, this problem has been fixed in version
2:2.7+git20190128+0c1e29f-6+deb10u4.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
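The precondition named in this advisory (no verification of the network's TLS certificate in Phase 1) can be audited per host. The following Python example is added here and is not part of the Debian advisory or the wpa project: it scans wpa_supplicant.conf-style text for network blocks that may negotiate PEAP but set neither ca_cert nor ca_path, in which case wpa_supplicant does not verify the server certificate. The sample configuration, SSIDs and CA path are constructed, and blocks with no key_mgmt line are treated as non-EAP (an assumption of this example).

```python
import re
# Constructed sample configuration (not taken from any real system).
SAMPLE_CONF = '''
network={
    ssid="corp-unverified"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-verified"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="home"
    psk="constructed-passphrase"
}
'''

BLOCK_RE = re.compile(r"^\s*network\s*=\s*\{(.*?)^\s*\}", re.S | re.M)

def parse_block(body):
    """Return the key=value settings of one network block as a dict."""
    settings = {}
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def unverified_peap_networks(conf_text):
    """SSIDs of blocks that may use PEAP with no ca_cert/ca_path set."""
    flagged = []
    for match in BLOCK_RE.finditer(conf_text):
        s = parse_block(match.group(1))
        # Assumption: a block without key_mgmt is treated as non-EAP here.
        uses_eap = re.search(r"EAP|IEEE8021X", s.get("key_mgmt", "")) is not None
        # With no eap= line, all compiled-in methods (PEAP included) are allowed.
        peap_possible = "PEAP" in s.get("eap", "PEAP").upper().split()
        if uses_eap and peap_possible and not (s.get("ca_cert") or s.get("ca_path")):
            flagged.append(s.get("ssid", "<no ssid>"))
    return flagged

if __name__ == "__main__":
    for ssid in unverified_peap_networks(SAMPLE_CONF):
        print(f"PEAP without server certificate verification: {ssid}")
```

Flagged blocks should gain a ca_cert or ca_path setting in addition to the package upgrade, since the advisory ties exploitability to that missing verification.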