IoTGateway/Security Hotfix

From ESS-WIKI
Jump to: navigation, search

In this section, we collect critical security vulnerabilities and corresponding hotfixes. You can check the impacts and decide whether need to upgrade your system or not.

Wi-Fi

KRACK : Key Reinstallation Attacks

Published
2017-10
Impacts
All WPA2 enabled Wi-fi devices are vulnerable.
Introduction
You can check the details from the KRACK website.
Solutions
The information below is based on the krackinfo website.
[Android]
No available patches now.
[Debian]
Update WPA package
https://www.debian.org/security/2017/dsa-3999
  • jessie
2.3-1+deb8u5
  • stretch
2:2.4-1+deb9u1
[Ubuntu]
Update hostap & wpasupplicant packages
https://usn.ubuntu.com/usn/usn-3455-1/
  • Ubuntu 17.04
hostapd 2.4-0ubuntu9.1
wpasupplicant 2.4-0ubuntu9.1
  • Ubuntu 16.04 LTS
hostapd 2.4-0ubuntu6.2
wpasupplicant 2.4-0ubuntu6.2
  • Ubuntu 14.04 LTS
hostapd 2.1-0ubuntu1.5
wpasupplicant 2.1-0ubuntu1.5
[Yocto]
Apply the following patches for wpa_supplicant.
https://w1.fi/security/2017-1/