apt-listchange : nouveautés
Les mofidifications suivantes ont été découvertes dans les paquets que vous allez installer :
wpa (2:2.4-1+deb9u3) stretch-security; urgency=high
This release backports changes to help mitigate EAP-pwd security issues
(CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499).
Unfortunately, the complete fix heavily depends on the code added after
wpa 2.4 release, so porting it is not practical. Consider using strong
passwords to prevent dictionary attacks.
For more information about the issues and their impace, see the Debian
Security Advisory DSA-4430-1.
For even more details, please read the following documents:
- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Should you need a more complete fix, please consider upgrading to a newer
version from stretch-backports when it becomes available.
-- Andrej Shadura <andrewsh@debian.org> Wed, 10 Apr 2019 18:57:20 +0200