{"affected":[{"ecosystem_specific":{"binaries":[{"hostapd":"2.9-bp152.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"hostapd","purl":"pkg:rpm/suse/hostapd&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.9-bp152.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for hostapd fixes the following issues:\n\n- CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n- CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (boo#1172700)\n- CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934) \n\n- added AppArmor profile (source apparmor-usr.sbin.hostapd)\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.","id":"openSUSE-SU-2021:0545-1","modified":"2021-04-12T10:05:09Z","published":"2021-04-12T10:05:09Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7GHTARPJSUMITH7M3ESWRIZUIYW5UAM6/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1150934"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172700"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184348"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16275"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30004"}],"related":["CVE-2019-16275","CVE-2020-12695","CVE-2021-30004"],"summary":"Security update for hostapd","upstream":["CVE-2019-16275","CVE-2020-12695","CVE-2021-30004"]}