All errata/sisyphus/ALT-PU-2016-2481-1
ALT-PU-2016-2481-1

Package update hostapd in branch sisyphus

Version2.6-alt1
Published2016-12-23
Max severityHIGH
Severity:

Closed issues (4)

BDU:2021-01305
MEDIUM5.3

Уязвимость функции rand() and random() программной сертификации устройств беспроводной сети WPA, связанная с недостатком в энтропии в выборе PIN, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-03-14Modified: 2023-11-20
CVSS 3.xMEDIUM 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVE-2016-4476
HIGH7.5

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

Published: 2016-05-09Modified: 2026-06-16
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-10064
HIGH7.5

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Published: 2020-02-28Modified: 2026-06-16
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H