[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
Devnullptr_

[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by Devnullptr_ »

Hi, I'm not sure if this is the place for this question but can someone on the team for Mint talk about what versions have been patched for KRACK? I know this exploit is new but it seems Debian has already patched some of their versions of wpa_supplicant.

Thank you
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
waynea
Level 3
Level 3
Posts: 135
Joined: Mon Oct 14, 2013 11:49 am

Re: Wpa2 vulnerability - krack

Post by waynea »

I have just had an update for this I think

wpa (2.1-0ubuntu1.5) trusty-security; urgency=medium

* SECURITY UPDATE: Multiple issues in WPA protocol
- debian/patches/2017-1/*.patch: Add patches from Debian jessie
- CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
CVE-2017-13088
* SECURITY UPDATE: Denial of service issues
- debian/patches/2016-1/*.patch: Add patches from Debian jessie
- CVE-2016-4476
- CVE-2016-4477
User avatar
Moem
Level 22
Level 22
Posts: 16226
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Wpa2 vulnerability - krack

Post by Moem »

Yes, me too. Thanks to the quickly responding folks upstream!
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
waynea
Level 3
Level 3
Posts: 135
Joined: Mon Oct 14, 2013 11:49 am

Re: Wpa2 vulnerability - krack

Post by waynea »

Moem wrote:Yes, me too. Thanks to the quickly responding folks upstream!
yes, it's actually really impressive
User avatar
xenopeek
Level 25
Level 25
Posts: 29509
Joined: Wed Jul 06, 2011 3:58 am

Re: [PATCHED] Wpa2 vulnerability - krack

Post by xenopeek »

>> This issue is already fixed for all Linux Mint versions. <<

If you haven't yet applied all available security upgrades in Update Manager, do so now.

The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.

For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.

Ubuntu security notice for the WPA2 issue is found here: https://usn.ubuntu.com/usn/usn-3455-1/ (Linux Mint 18.x are based on Ubuntu 16.04 LTS and Linux Mint 17.x are based on Ubuntu 14.04 LTS). Debian security announcement for the WPA2 issue is found here: https://lists.debian.org/debian-securit ... 00261.html (LMDE 2 is based on Debian Jessie aka oldstable).

Most if not all major GNU/Linux distros have already fixed the WPA2 issue today. The real issue is with phones and tablets.
Image
Jaydemir

Krack WiFi exploit [IS ALREADY PATCHED]

Post by Jaydemir »

So I came across some articles about how M$ already patched Windows against some WiFi exploit dubbed 'Krack' that nobody else seems to have done yet. Any ideas on how such a thing would be patched in the Linux world? Would it be distro specific? Kernel update? Obviously any articles about security usually get blown up more than they should, and every threat is the next big problem. Its just nice to know if things like this are being addressed.
Last edited by karlchen on Mon Oct 16, 2017 5:08 pm, edited 1 time in total.
Reason: Appended to thread in "Main Edition" - "Wifi": "[PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]"
sarge816
Level 3
Level 3
Posts: 189
Joined: Sun Jun 13, 2010 9:04 pm

Re: Krack WiFi exploit

Post by sarge816 »

Just today got an update for wpasupplicant, from 6.0 to 6.2. LM18.2 Xfce
https://wiki.archlinux.org/index.php/WPA_supplicant
User avatar
Moem
Level 22
Level 22
Posts: 16226
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Krack WiFi exploit

Post by Moem »

This thread should answer your questions:
viewtopic.php?f=53&t=255523
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Devnullptr_

Re: [PATCHED] Wpa2 vulnerability - krack

Post by Devnullptr_ »

Thank you. This is exactly what I needed.

xenopeek wrote:>> This issue is already fixed for all Linux Mint versions. <<

If you haven't yet applied all available security upgrades in Update Manager, do so now.

The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.

For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.

Ubuntu security notice for the WPA2 issue is found here: https://usn.ubuntu.com/usn/usn-3455-1/ (Linux Mint 18.x are based on Ubuntu 16.04 LTS and Linux Mint 17.x are based on Ubuntu 14.04 LTS). Debian security announcement for the WPA2 issue is found here: https://lists.debian.org/debian-securit ... 00261.html (LMDE 2 is based on Debian Jessie aka oldstable).

Most if not all major GNU/Linux distros have already fixed the WPA2 issue today. The real issue is with phones and tablets.
jglen490

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by jglen490 »

Just patched our router, updated wpasupplicant in Kubuntu, fixing to update Mint shortly. Ready to rock, again.
jglen490

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by jglen490 »

Pulled out the laptop, updated wpa. Should be good to go.
xdicey
Level 4
Level 4
Posts: 469
Joined: Wed Sep 16, 2015 2:42 pm

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by xdicey »

October being cyber security month; irony?
Do routers from ISPs need patching as well?
-QUAD CORE Intel Core i7-4700MQ CPU (-HT-MCP-) 2.40GHz x4
-16GB RAM, 1 TB SSHD
-Graphics Card: Intel 4th Gen Core Processor Integrated Graphics Controller
User avatar
xenopeek
Level 25
Level 25
Posts: 29509
Joined: Wed Jul 06, 2011 3:58 am

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by xenopeek »

xdicey wrote:Do routers from ISPs need patching as well?
Ideally, yes, but the krackattacks folks had this to say about it:
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Image
Faust

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by Faust »

No sign of any such updates for Mint 17.3 Cinnamon .
Most likely those affected packages were not installed by default ...
...... anybody else on 17.3 ?
xdicey wrote:......
Do routers from ISPs need patching as well?
It looks like this vulnerability would only be of any practical use to wardrivers , and to me this appears more like a proof-of-concept
than a genuine threat .
The probability that someone is in a vehicle , within wireless range , and actively trying to hack my wifi is tiny .
User avatar
karlchen
Level 23
Level 23
Posts: 18179
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by karlchen »

Hi, Faust.

You should have received a wpa labelled update for wpasupplicant on Mint 17.x as well, irrespective of the desktop environment.
xenopeek gave these update version details for Mint 17.x :
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.

It has arrived on my 2 Mint 17.x systems.
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)

Best regards,
Karl
Image
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 762 days now.
Lifeline
User avatar
Pjotr
Level 23
Level 23
Posts: 19888
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by Pjotr »

Faust wrote:The probability that someone is in a vehicle , within wireless range , and actively trying to hack my wifi is tiny .
Image
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Faust

Re: [PATCHED] Wpa2 vulnerability - krack [issue is fixed on all Mint versions]

Post by Faust »

karlchen wrote: ......
In case you cannot find it in your Update Manager history and in case it is not offered to you really, check
+ which update levels you have enabled in Update Manager. Should be 1, 2 and 3 at minimum (default)
+ whether you have enabled the option to "always trust and accept security updates" (wise idea to do so)
.....
Yes , those are exactly my chosen settings and always have been ( levels 1 to 3 , " always trust " etc ) .

I unchecked then re-checked those boxes , did a refresh , and Bingo ! .... there is the update .
Very strange ....

Many thanks for pointing the way ....
.... now I don't have to keep looking out of the window , watching for that character posted by @Pjotr ^^
:D
Locked

Return to “Networking”