|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for wpa_supplicant RHSA-2017:2911-01|
|Summary:||The remote host is missing an update for the 'wpa_supplicant'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'wpa_supplicant'
package(s) announced via the referenced advisory.
The wpa_supplicant packages contain an 802.1X
Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP
authentication methods. They implement key negotiation with a WPA Authenticator for
client stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.
* A new exploitation technique called key reinstallation attacks (KRACK)
affecting WPA2 has been discovered. A remote attacker within Wi-Fi range
could exploit these attacks to decrypt Wi-Fi traffic or possibly inject
forged Wi-Fi packets by manipulating cryptographic handshakes used by the
WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,
Red Hat would like to thank CERT for reporting these issues. Upstream
acknowledges Mathy Vanhoef (University of Leuven) as the original reporter
of these issues.
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-13077|
Common Vulnerability Exposure (CVE) ID: CVE-2017-13078
Common Vulnerability Exposure (CVE) ID: CVE-2017-13080
Common Vulnerability Exposure (CVE) ID: CVE-2017-13087
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.