hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main i386
Package name hostapd
Package version 1.0
Package release 3+deb7u3
Package architecture i386
Package type deb
Installed size 993 B
Download size 465.79 KB
Official Mirror
Originally, hostapd was an optional user space component for Host AP
driver. It adds more features to the basic IEEE 802.11 management
included in the kernel driver: using external RADIUS authentication
server for MAC address based access control, IEEE 802.1X Authenticator
and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
Authenticator and dynamic TKIP/CCMP keying.
The current version includes support for other drivers, an integrated
EAP authenticator (i.e., allow full authentication without requiring
an external RADIUS authentication server), and RADIUS authentication
server for EAP authentication.
hostapd works with the following drivers:
* mac80211 based drivers with support for master mode [linux]
* Host AP driver for Prism2/2.5/3 [linux]
* Driver interface for FreeBSD net80211 layer [kfreebsd]
* Any wired Ethernet driver for wired IEEE 802.1X authentication.


Package Version Architecture Repository
hostapd_2.3-1+deb8u4.1~debwrt70+3_amd64.deb 2.3 amd64 DebWrt Unstable
hostapd_2.3-1+deb8u4.1~debwrt70+3_amd64.deb 2.3 amd64 DebWrt Stable
hostapd_1.0-3+deb7u5_i386.deb 1.0 i386 Debian Security Updates Main
hostapd_1.0-3+deb7u5_amd64.deb 1.0 amd64 Debian Security Updates Main
hostapd_1.0-3+deb7u3_amd64.deb 1.0 amd64 Debian Main
hostapd - - -


Name Value
initscripts >= 2.88dsf-13.3
libc6 >= 2.4
libnl-3-200 >= 3.2.7
libnl-genl-3-200 >= 3.2.7
libssl1.0.0 >= 1.0.0
lsb-base >= 3.2-13


Type URL
Binary Package hostapd_1.0-3+deb7u3_i386.deb
Source Package wpa

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install hostapd deb package:
    # sudo apt-get install hostapd




2015-10-31 - Salvatore Bonaccorso <>
wpa (1.0-3+deb7u3) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add patch to address CVE-2015-4141.
CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
encoding. (Closes: #787372)
* Add patch to address CVE-2015-4142.
CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
(Closes: #787373)
* Add patches to address CVE-2015-4143.
CVE-2015-4143: EAP-pwd missing payload length validation. (Closes: #787371)
* Add patch to address 2015-5 vulnerability.
NFC: Fix payload length validation in NDEF record parser.
Note that this issue does not affect the binary packages distributed in
Debian in Wheezy as CONFIG_WPS_NFC=y is not set in the build
configuration. (Closes: #795740)
2015-04-23 - Stefan Lippers-Hollmann <>
wpa (1.0-3+deb7u2) wheezy-security; urgency=high
* import "P2P: Validate SSID element length before copying it
(CVE-2015-1863)" from upstream (Closes: #783148); this is essentially a
no-op for the wheezy binaries distributed by Debian, as CONFIG_P2P is
disabled there.
2014-10-15 - Stefan Lippers-Hollmann <>
wpa (1.0-3+deb7u1) wheezy-security; urgency=high
* Apply upstream patches for CVE-2014-3686 (Closes: #765352):
- add os_exec() helper to run external programs
- wpa_cli: Use os_exec() for action script execution
- hostapd_cli: Use os_exec() for action script execution
2012-10-08 - Stefan Lippers-Hollmann <>
wpa (1.0-3) unstable; urgency=high
* ship forgotten README-P2P.
* revert to GNU readline for wpa_cli, instead of using the internal readline
implementation added in wpa 1~. Prefer libreadline-gplv2-dev, because libnl
is GPL-2 (only) - switching back to the internal readline implementation is
targeted for wheezy+1 (Closes: #677993, #678077).
* Fix DoS via specially crafted EAP-TLS messages with longer message
length than TLS data length (CVE-2012-4445, DSA 2557-1, Closes: #689990).
2012-05-14 - Kel Modderman <>
wpa (1.0-2) unstable; urgency=low
* Really enable hardened build flags, thanks Simon Ruderich
<>. (Closes: #657332)
* Do not suppress compilation output, set V=1.
2012-05-11 - Kel Modderman <>
wpa (1.0-1) unstable; urgency=low
[ Stefan Lippers-Hollmann ]
* New upstream release, no code changes since 1.0~rc3.
* upload to unstable, to fix FTBS with gcc-4.7.
* update debian/README.source.
[ Kel Modderman ]
* No longer explicitly add --as-needed to LDFLAGS, it is no longer
required since wpa_cli stopped linking to libreadline (WPA_CLI_EDIT=y).

See Also

Package Description
hostname_3.11_i386.deb utility to set/show the host name or domain name
hotkeys_0.5.7.4-0.3+b1_i386.deb A hotkeys daemon for your Internet/multimedia keyboard in X
hotot_0.9.7.32+git20111213.1d89daf-1.1_all.deb lightweight microblogging client
hotswap-gui_0.4.0-12_i386.deb (de)register hotswappable IDE hardware (GUI front-ends)
hotswap-text_0.4.0-12_i386.deb (de)register hotswappable IDE hardware (command line tool)
hotswap_0.4.0-12_all.deb (de)register hotswappable IDE hardware
hotwire_0.721-2_all.deb Extensible graphical command execution shell
howm_1.4.0rc2-2_all.deb Note-taking tool on Emacs
hoz-gui_1.65-2_i386.deb file splitter that uses the hacha file format
hoz_1.65-2_i386.deb file splitter that uses the hacha file format
hp-ppd_0.9-0.2_all.deb HP Postscript Printer Definition (PPD) files
hp-search-mac_0.1.3_all.deb Search for a MAC address on HP switches
hp2xx_3.4.4-8+deb7u1_i386.deb HPGL converter into some vector- and raster formats
hp48cc_1.3-4_i386.deb C-like compiler which produces HP48 RPN
hpanel_0.3.2-4_i386.deb minimalist panel for X