Candidate: CVE-2019-10064
PublicDate: 2020-02-28 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10064
 https://www.openwall.com/lists/oss-security/2020/02/27/1
 https://www.openwall.com/lists/oss-security/2020/02/27/2
Description:
 hostapd before 2.6, in EAP mode, makes calls to the rand() and random()
 standard library functions without any preceding srand() or srandom() call,
 which results in inappropriate use of deterministic values. This was fixed
 in conjunction with CVE-2016-10743.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by: Nicolas Massaviol and Jonathan Brossard
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_wpa:
 upstream: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e
Tags_wpa: universe-binary
upstream_wpa: released (2:2.6-7)
precise/esm_wpa: DNE
trusty_wpa: ignored (out of standard support)
trusty/esm_wpa: needed
xenial_wpa: ignored (end of standard support, was needed)
esm-infra/xenial_wpa: needed
bionic_wpa: not-affected (2:2.6-15ubuntu2.5)
eoan_wpa: not-affected (2:2.9-1ubuntu2)
focal_wpa: not-affected (2:2.9-1ubuntu2)
groovy_wpa: not-affected (2:2.9-1ubuntu2)
hirsute_wpa: not-affected (2:2.9-1ubuntu2)
impish_wpa: not-affected (2:2.9-1ubuntu2)
jammy_wpa: not-affected (2:2.9-1ubuntu2)
devel_wpa: not-affected (2:2.9-1ubuntu2)