CVE-2019-9494

Priority
Description
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to
side channel attacks as a result of observable timing differences and cache
access patterns. An attacker may be able to gain leaked information from a
side channel attack that can be used for full password recovery. Both
hostapd with SAE support and wpa_supplicant with SAE support prior to and
including version 2.7 are affected.
Notes
mdeslaurSAE support not built in Ubuntu
Package
Source: wpa (LP Ubuntu Debian)
Upstream:released (2.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not built)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not built)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not built)
Ubuntu 19.04 (Disco Dingo):not-affected (code not built)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not built)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2019-12-05 18:51:46 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)