[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Hi, I'm not sure if this is the place for this question but can someone on the team for Mint talk about what versions have been patched for KRACK? I know this exploit is new but it seems Debian has already patched some of their versions of wpa_supplicant.
Thank you
Thank you
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Wpa2 vulnerability - krack
I have just had an update for this I think
wpa (2.1-0ubuntu1.5) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple issues in WPA protocol
- debian/patches/2017-1/*.patch: Add patches from Debian jessie
- CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
CVE-2017-13088
* SECURITY UPDATE: Denial of service issues
- debian/patches/2016-1/*.patch: Add patches from Debian jessie
- CVE-2016-4476
- CVE-2016-4477
wpa (2.1-0ubuntu1.5) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple issues in WPA protocol
- debian/patches/2017-1/*.patch: Add patches from Debian jessie
- CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
CVE-2017-13088
* SECURITY UPDATE: Denial of service issues
- debian/patches/2016-1/*.patch: Add patches from Debian jessie
- CVE-2016-4476
- CVE-2016-4477
Re: Wpa2 vulnerability - krack
Yes, me too. Thanks to the quickly responding folks upstream!
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Wpa2 vulnerability - krack
yes, it's actually really impressiveMoem wrote:Yes, me too. Thanks to the quickly responding folks upstream!
Re: [PATCHED] Wpa2 vulnerability - krack
>> This issue is already fixed for all Linux Mint versions. <<
If you haven't yet applied all available security upgrades in Update Manager, do so now.
The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.
For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.
Ubuntu security notice for the WPA2 issue is found here: https://usn.ubuntu.com/usn/usn-3455-1/ (Linux Mint 18.x are based on Ubuntu 16.04 LTS and Linux Mint 17.x are based on Ubuntu 14.04 LTS). Debian security announcement for the WPA2 issue is found here: https://lists.debian.org/debian-securit ... 00261.html (LMDE 2 is based on Debian Jessie aka oldstable).
Most if not all major GNU/Linux distros have already fixed the WPA2 issue today. The real issue is with phones and tablets.
If you haven't yet applied all available security upgrades in Update Manager, do so now.
The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.
For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.
Ubuntu security notice for the WPA2 issue is found here: https://usn.ubuntu.com/usn/usn-3455-1/ (Linux Mint 18.x are based on Ubuntu 16.04 LTS and Linux Mint 17.x are based on Ubuntu 14.04 LTS). Debian security announcement for the WPA2 issue is found here: https://lists.debian.org/debian-securit ... 00261.html (LMDE 2 is based on Debian Jessie aka oldstable).
Most if not all major GNU/Linux distros have already fixed the WPA2 issue today. The real issue is with phones and tablets.
Krack WiFi exploit [IS ALREADY PATCHED]
So I came across some articles about how M$ already patched Windows against some WiFi exploit dubbed 'Krack' that nobody else seems to have done yet. Any ideas on how such a thing would be patched in the Linux world? Would it be distro specific? Kernel update? Obviously any articles about security usually get blown up more than they should, and every threat is the next big problem. Its just nice to know if things like this are being addressed.
Last edited by karlchen on Mon Oct 16, 2017 5:08 pm, edited 1 time in total.
Reason: Appended to thread in "Main Edition" - "Wifi": "[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]"
Reason: Appended to thread in "Main Edition" - "Wifi": "[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]"
Re: Krack WiFi exploit
Just today got an update for wpasupplicant, from 6.0 to 6.2. LM18.2 Xfce
https://wiki.archlinux.org/index.php/WPA_supplicant
https://wiki.archlinux.org/index.php/WPA_supplicant
Re: Krack WiFi exploit
This thread should answer your questions:
viewtopic.php?f=53&t=255523
viewtopic.php?f=53&t=255523
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: [PATCHED] Wpa2 vulnerability - krack
Thank you. This is exactly what I needed.
xenopeek wrote:>> This issue is already fixed for all Linux Mint versions. <<
If you haven't yet applied all available security upgrades in Update Manager, do so now.
The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.
For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.
Ubuntu security notice for the WPA2 issue is found here: https://usn.ubuntu.com/usn/usn-3455-1/ (Linux Mint 18.x are based on Ubuntu 16.04 LTS and Linux Mint 17.x are based on Ubuntu 14.04 LTS). Debian security announcement for the WPA2 issue is found here: https://lists.debian.org/debian-securit ... 00261.html (LMDE 2 is based on Debian Jessie aka oldstable).
Most if not all major GNU/Linux distros have already fixed the WPA2 issue today. The real issue is with phones and tablets.
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Just patched our router, updated wpasupplicant in Kubuntu, fixing to update Mint shortly. Ready to rock, again.
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Pulled out the laptop, updated wpa. Should be good to go.
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
October being cyber security month; irony?
Do routers from ISPs need patching as well?
Do routers from ISPs need patching as well?
-QUAD CORE Intel Core i7-4700MQ CPU (-HT-MCP-) 2.40GHz x4
-16GB RAM, 1 TB SSHD
-Graphics Card: Intel 4th Gen Core Processor Integrated Graphics Controller
-16GB RAM, 1 TB SSHD
-Graphics Card: Intel 4th Gen Core Processor Integrated Graphics Controller
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Ideally, yes, but the krackattacks folks had this to say about it:xdicey wrote:Do routers from ISPs need patching as well?
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
No sign of any such updates for Mint 17.3 Cinnamon .
Most likely those affected packages were not installed by default ...
...... anybody else on 17.3 ?
than a genuine threat .
The probability that someone is in a vehicle , within wireless range , and actively trying to hack my wifi is tiny .
Most likely those affected packages were not installed by default ...
...... anybody else on 17.3 ?
It looks like this vulnerability would only be of any practical use to wardrivers , and to me this appears more like a proof-of-conceptxdicey wrote:......
Do routers from ISPs need patching as well?
than a genuine threat .
The probability that someone is in a vehicle , within wireless range , and actively trying to hack my wifi is tiny .
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Hi, Faust.
You should have received a wpa labelled update for wpasupplicant on Mint 17.x as well, irrespective of the desktop environment.
xenopeek gave these update version details for Mint 17.x :
It has arrived on my 2 Mint 17.x systems.
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)
Best regards,
Karl
You should have received a wpa labelled update for wpasupplicant on Mint 17.x as well, irrespective of the desktop environment.
xenopeek gave these update version details for Mint 17.x :
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
It has arrived on my 2 Mint 17.x systems.
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)
Best regards,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 771 days now.
Lifeline
- Pjotr
- Level 24
- Posts: 20090
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Faust wrote:The probability that someone is in a vehicle , within wireless range , and actively trying to hack my wifi is tiny .
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]
Yes , those are exactly my chosen settings and always have been ( levels 1 to 3 , " always trust " etc ) .karlchen wrote: ......
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)
.....
I unchecked then re-checked those boxes , did a refresh , and Bingo ! .... there is the update .
Very strange ....
Many thanks for pointing the way ....
.... now I don't have to keep looking out of the window , watching for that character posted by @Pjotr ^^