JDT Systems

Categories => General Discussion (Public) => Topic started by: andyassur on October 19, 2017, 07:30:42 PM

Title: redhat linux security
Post by: andyassur on October 19, 2017, 07:30:42 PM
It looks like Red Hat is doing some major patching of its OS. I have been receiving about 20 emails a day about this since yesterday.
Title: Re: redhat linux security
Post by: jdaniele on October 19, 2017, 09:16:04 PM
Is it anything to do with the WPA2 flaw?

http://jdtechservices.xp3.biz/jdaniele/forums/index.php?topic=21.0
Title: Re: redhat linux security
Post by: andyassur on October 20, 2017, 04:50:50 AM
One of 29 emails was about WPA.


The following Red Hat Security Advisory has been published which may affect
subscriptions which you have purchased.


RHSA-2017:2907 Important: wpa_supplicant security update


Summary:

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.

Full details and references:

https://access.redhat.com/errata/RHSA-2017:2907?sc_cid=701600000006NHXAA2

CVE Names:

CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

Revision History:

Issue Date: 2017-10-17
Updated:    2017-10-17
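
A host-side check that follows from the advisory quoted above, added here as an example and not part of the thread or of Red Hat's advisory: it compares an RPM changelog against the CVE ids listed in RHSA-2017:2907. It assumes the packager records fixed CVE ids in the package changelog; the function names and the sample changelog text are constructed for illustration.

```shell
#!/bin/sh
# CVE ids copied from the RHSA-2017:2907 text quoted in the post above.
RHSA_CVES="CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088"

# Constructed changelog text (not real package output) for an offline run.
SAMPLE_PARTIAL='* Tue Oct 17 2017 Example Packager <pkg@example.invalid> - 0:0-0
- constructed entry: fix CVE-2017-13077, CVE-2017-13078 and CVE-2017-13080'

# Read an RPM changelog on stdin and print every advisory CVE it does not
# mention, one per line. Empty output means all of them are referenced.
missing_cves() {
    changelog=$(cat)
    for cve in $RHSA_CVES; do
        # -w keeps CVE-2017-13077 from matching a longer id like CVE-2017-130770
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Check the package installed on this host (hypothetical helper; needs rpm).
# Assumption: the packager lists fixed CVE ids in the changelog.
check_installed() {
    pkg=${1:-wpa_supplicant}
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available on this host"; return 3
    fi
    if ! log=$(rpm -q --changelog "$pkg" 2>/dev/null); then
        echo "$pkg: not installed"; return 2
    fi
    missing=$(printf '%s\n' "$log" | missing_cves)
    if [ -z "$missing" ]; then
        echo "$pkg: changelog references all RHSA-2017:2907 CVEs"; return 0
    fi
    echo "$pkg: changelog lacks:" $missing; return 1
}

# Usage on a RHEL 7 host:   check_installed wpa_supplicant
# Offline demonstration:    printf '%s\n' "$SAMPLE_PARTIAL" | missing_cves
```

A non-zero return from `check_installed` marks a host to review against the advisory; it is a changelog heuristic, not a replacement for the errata page linked in the post.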
