| Package | wpa |
|---|---|
| Version | 2.3-1+deb8u12 |
| Related CVEs | CVE-2021-0326 |
An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might lead to a DoS of the wpa_supplicant process or potentially arbitrary code execution.
The mentioned support for WPA-EAP-SUITE-B(-192) in the changelog does not affect the version in Jessie.
For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u12.
We recommend that you upgrade your wpa packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.