Overview

File _patchinfo of Package patchinfo.689

<patchinfo incident="689">
  <issue id="930079" tracker="bnc">CVE-2015-4143: EAP-pwd missing payload length validation</issue>
  <issue id="930078" tracker="bnc">CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing</issue>
  <issue id="930077" tracker="bnc">CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding</issue>
  <issue id="952254" tracker="bnc">CVE-2015-5310: wpa_supplicant unauthorized WNM Sleep Mode GTK control</issue>
  <issue id="937419" tracker="bnc">CVE-2015-8041: Incomplete WPS and P2P NFC NDEF record payload length validation</issue>
  <issue id="2015-4142" tracker="cve" />
  <issue id="2015-4143" tracker="cve" />
  <issue id="2015-4141" tracker="cve" />
  <issue id="2015-5310" tracker="cve" />
  <issue id="2015-8041" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
This update for wpa_supplicant fixes the following issues:

- CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077)
- CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.  (bnc#930078)
- CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079) 
- CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254)
- CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419)
</description>
  <summary>Security update for wpa_supplicant</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places