LISTSERV 16.5 - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: wpa_supplicant security update
Advisory ID:       SLSA-2017:2907-1
Issue Date:        2017-10-18
CVE Numbers:       CVE-2017-13077
                   CVE-2017-13078
                   CVE-2017-13080
                   CVE-2017-13082
                   CVE-2017-13086
                   CVE-2017-13087
                   CVE-2017-13088
--

Security Fix(es):

* A new exploitation technique called key reinstallation attacks (KRACK)
affecting WPA2 has been discovered. A remote attacker within Wi-Fi range
could exploit these attacks to decrypt Wi-Fi traffic or possibly inject
forged Wi-Fi packets by manipulating cryptographic handshakes used by the
WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,
CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
--

SL7
  x86_64
    wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm
    wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

- Scientific Linux Development Team