Source: wpa
Severity: serious
Tags: security

Hi,

the following vulnerability was published for wpa. It affects both
wpa-supplicant and hostapd:

CVE-2014-3686[0]: action script execution vulnerability

From https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3686:
> Jouni Malinen discovered that a string supplied from a remote device could
> be supplied to a system() call in wpa_cli or hostapd_cli when running an
> action script (with the "-a" option), resulting in arbitrary command
> execution. This issue could also be triggered by an attacker within radio
> range.
>
> Patches are available from the following:
> http://w1.fi/security/2014-1/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
    https://security-tracker.debian.org/tracker/CVE-2014-3686

Please adjust the affected versions in the BTS as needed.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/