AVG-10

Package hostapd
Status Fixed
Severity High
Type multiple issues
Affected 2.5-2
Fixed 2.6-1
Current 2.6-7 [community]
Ticket FS#49196
Created Sun Sep 18 15:54:55 2016
Issue Severity Remote Type Description
CVE-2016-4477 High No Privilege escalation
The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a...
CVE-2016-4476 Low Yes Denial of service
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter...
Date Advisory Package Description
04 Oct 2016 ASA-201610-3 hostapd multiple issues
References
https://w1.fi/security/2016-1/psk-parameter-config-update.txt
http://www.openwall.com/lists/oss-security/2016/05/03/2