A wpa security update has been released for Debian GNU/Linux 8 Extended LTS to address a buffer over-write.
ELA-370-1 wpa security update
Package wpa
ELA-370-1 wpa security update
Version 2.3-1+deb8u12
Related CVEs CVE-2021-0326
An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpa_supplicant process or potentially arbitrary code execution.
The mentioned support for WPA-EAP-SUITE-B(-192) in the changelog does not affect the version in Jessie.
For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u12.
We recommend that you upgrade your wpa packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
