hostapd and wpa_supplicant: Multiple vulnerabilities

hostapd and wpa_supplicant: Multiple vulnerabilities Multiple vulnerabilities have been found in hostapd and wpa_supplicant, allowing remote attackers to execute arbitrary code or cause Denial of Service. wpa_supplicant 2016-06-27 2016-06-27 524928 547492 548742 548744 554860 554862 remote 2.5 2.5 2.5-r1 2.5-r1

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers.

Multiple vulnerabilities exist in both hostapd and wpa_supplicant. Please review the CVE identifiers for more information.

Remote attackers could execute arbitrary code with the privileges of the process or cause Denial of Service.

There is no known workaround at this time.

All hostapd users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.5"

All wpa_supplicant users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-wireless/wpa_supplicant-2.5-r1"

CVE-2014-3686 CVE-2014-3686 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 K_F b-man