24

According to this article a severe flaw in wpa2 protocol has been published making many systems using WiFi vulnerable to an attack. Should I be worried and has a patch been issued for Ubuntu?

amanusk
  • 1,576

1 Answers1

28

A fix has been issued as per USN-3455-1 . You should update your system with sudo apt-get update && sudo apt-get upgrade. The relevant versions for currently supported releases:

  • Ubuntu 17.04:
    hostapd 2.4-0ubuntu9.1
    wpasupplicant 2.4-0ubuntu9.1
  • Ubuntu 16.04 LTS:
    hostapd 2.4-0ubuntu6.2
    wpasupplicant 2.4-0ubuntu6.2
  • Ubuntu 14.04 LTS:
    hostapd 2.1-0ubuntu1.5
    wpasupplicant 2.1-0ubuntu1.5

You should see an update of wpasupplicant during the update. More information about the attack is available on the GitHub page.

muru
  • 197,895
  • 55
  • 485
  • 740
amanusk
  • 1,576
  • 1
    My Ubuntu 14.4 LTS does not show the minor version: `leder@gisela-E7220:~$ dpkg -l wpasupplicant

    ...

    ii wpasupplicant 2.1-0ubuntu1 amd64 client support for WPA and WPA2 ( `

     – Leder Oct 18 '17 at 09:40
  • @Leder Mine shows 2.1-0ubuntu1.5, so it seems you're missing the update. – wjandrea Oct 18 '17 at 17:12
  • 1
    How can I check if update is already installed? – abg Oct 20 '17 at 10:04
  • 9
    Run sudo apt-get changelog wpasupplicant. You should see something like SECURITY UPDATE: Multiple issues in WPA protocol - debian/patches/2017-1/*.patch: Add patches from Debian stretch - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 – amanusk Oct 20 '17 at 10:12