Support / Security / Advisories / Mandriva Linux LE2005 / MDKSA-2006:088

Package name: hostapd
Date: 2006-05-24
Advisory ID: MDKSA-2006:088
Affected versions: 2006.0 i586 , 10.2 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

Hostapd 0.3.7 allows remote attackers to cause a denial of service
(segmentation fault) via an unspecified value in the key_data_length
field of an EAPoL frame.

Packages have been patched to correct this issue.

Updated packages

2006.0 i586

 4d85ab25bff640f3176c5bb55ddcc214  2006.0/RPMS/hostapd-0.3.7-2.1.20060mdk.i586.rpm
 fe727611379d2f48798361d8d2be4bc1  2006.0/SRPMS/hostapd-0.3.7-2.1.20060mdk.src.rpm

10.2 i586

 9154a5005bc66dae4528cd3008dbca09  10.2/RPMS/hostapd-0.3.7-2.1.102dk.i586.rpm
 699e613fea4270c79ee1849d96f1ee03  10.2/SRPMS/hostapd-0.3.7-2.1.102dk.src.rpm

10.2 x86_64

 810b867b9562b11ce4ecb6ab7e3bd352  x86_64/10.2/RPMS/hostapd-0.3.7-2.1.102dk.x86_64.rpm
 699e613fea4270c79ee1849d96f1ee03  x86_64/10.2/SRPMS/hostapd-0.3.7-2.1.102dk.src.rpm

2006.0 x86_64

 a1952ce345775472df1aa7636fd7b5cc  x86_64/2006.0/RPMS/hostapd-0.3.7-2.1.20060mdk.x86_64.rpm
 fe727611379d2f48798361d8d2be4bc1  x86_64/2006.0/SRPMS/hostapd-0.3.7-2.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2213