hostapd: SAE confirm missing state validation in hostapd/AP (CVE-2019-9496)
An invalid authentication sequence could result in the hostapd process
terminating due to missing state validation steps when
processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable.
Update to hostapd v2.8 or newer, once available.
(from redmine: issue id 10331, created on 2019-04-25, closed on 2019-06-20)