LWN.net Logo

Advertisement

ThinLinc Terminal Server

Advanced thin client solution for Linux, based on Open Source. Mix Windows and Linux, 10 licenses for free!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ
SCALE conference

Debian-Testing alert DTSA-35-1 (aircrack-ng)



From:
    	      Stefan Fritsch <sf@sfritsch.de>


To:
    	      secure-testing-announce@lists.alioth.debian.org


Subject:
    	      [SECURITY] [DTSA-35-1] New aircrack-ng packages fix programming
 error


Date:
    	      Tue, 22 May 2007 19:47:27 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-35-1                  May 16th, 2007
secure-testing-team@lists.alioth.debian.org                 Stefan Fritsch
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------

Package        : aircrack-ng
Vulnerability  : programming error
Problem-Scope  : remote
Debian-specific: No
CVE ID         : CVE-2007-2057 

It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs 
insufficient validation of 802.11 authentication packets, which allows the 
execution of arbitrary code.

For the testing distribution (etch) this is fixed in version
1:0.8-0.1lenny1

Packages for the alpha, mipsel, and powerpc architectures are still missing and will
be released when they become available.

For the unstable distribution (sid) this is fixed in version
1:0.7-3

This upgrade is recommended if you use aircrack-ng.

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get install aircrack-ng

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGUyyvbxelr8HyTqQRAgFTAJwJBxgSz+zhijwz883/S/jLUx1VTgCgtkyB
72owAarOLrUpcSMVfcyK/Tk=
=5HPR
-----END PGP SIGNATURE-----

_______________________________________________
secure-testing-announce mailing list
secure-testing-announce@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-te...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds