Right, there are backported patches against 2.6, but we're running 2.5 in contrib/ .
This is all "I'm out of time right now", so if someone wants to do the ports work and/or the contrib work with the patches for this vuln then please do. I should be able to get to it in the next few days but I'm busy with family and employment. -adrian On 16 October 2017 at 10:19, Kevin Oberman <[email protected]> wrote: > On Mon, Oct 16, 2017 at 8:55 AM, Adrian Chadd <[email protected]> > wrote: >> >> hi, >> >> I got the patches a couple days ago. I've been busy with personal life >> stuff so I haven't updated our in-tree hostapd/wpa_supplicant. If >> someone beats me to it, great, otherwise I'll try to do it in the next >> couple days. >> >> I was hoping (!) for a hostap/wpa_supplicant 2.7 update to just update >> everything to but so far nope. It should be easy enough to update the >> port for now as it's at 2.6. >> >> >> >> -adrian >> >> >> On 16 October 2017 at 06:04, Cy Schubert <[email protected]> wrote: >> > In message <[email protected]>, Lev >> > Serebryakov >> > writes: >> >> On 16.10.2017 13:38, blubee blubeeme wrote: >> >> >> >> > well, that's a cluster if I ever seen one. >> >> It is really cluster: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, >> >> CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, >> >> CVE-2017-13086,CVE-2017-13087, CVE-2017-13088. >> > >> > The gory details are here: >> > https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt >> > >> > The announcement is here: >> > https://www.krackattacks.com/ >> > >> > >> > -- >> > Cheers, >> > Cy Schubert <[email protected]> >> > FreeBSD UNIX: <[email protected]> Web: http://www.FreeBSD.org >> > >> > The need of the many outweighs the greed of the few. >> > > > > While I do not encourage waiting, it is quite likely that the upstream patch > wil show up very soon now that the vulnerability is public. > > It's also worth noting that fixing either end of the connection is all that > is required, as I understand it. So getting an update for your AP is not > required. That is very fortunate as the industry has a rather poor record of > getting out firmware updates for hardware more than a few months old. Also, > it appears that Windows and iOS are not vulnerable due to flaws in their > implementation of the WPA2 spec. (Of course, if you update your AP(s), you > no longer need to worry about your end devices. > -- > Kevin Oberman, Part time kid herder and retired Network Engineer > E-mail: [email protected] > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[email protected]"
