ASA-2019-00268 – FreeBSD: Multiple vulnerabilities in hostapd and wpa_supplicant


Allele Security Alert

ASA-2019-00268

Identifier(s)

ASA-2019-00268, FreeBSD-SA-19:03.wpa, CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, CVE-2019-11555

Title

Multiple vulnerabilities in hostapd and wpa_supplicant

Vendor(s)

The FreeBSD Project

Product(s)

FreeBSD

Affected version(s)

All supported versions of FreeBSD

Fixed version(s)

2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE)
2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE)
2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10)

Proof of concept

Unknown

Description

Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. Security of the wireless network may be compromised.

Technical details

Unknown

Credits

Unknown

Reference(s)

Multiple vulnerabilities in hostapd and wpa_supplicant
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:03.wpa.asc

CVE-2019-9494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494

CVE-2019-9494
https://nvd.nist.gov/vuln/detail/CVE-2019-9494

CVE-2019-9495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495

CVE-2019-9495
https://nvd.nist.gov/vuln/detail/CVE-2019-9495

CVE-2019-9496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496

CVE-2019-9496
https://nvd.nist.gov/vuln/detail/CVE-2019-9496

CVE-2019-9497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497

CVE-2019-9497
https://nvd.nist.gov/vuln/detail/CVE-2019-9497

CVE-2019-9498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498

CVE-2019-9498
https://nvd.nist.gov/vuln/detail/CVE-2019-9498

CVE-2019-9499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499

CVE-2019-9499
https://nvd.nist.gov/vuln/detail/CVE-2019-9499

CVE-2019-11555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555

CVE-2019-11555
https://nvd.nist.gov/vuln/detail/CVE-2019-11555

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 15, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.