Today a list of very serious problems in the WPA2 protocol has been discovered: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, etc.
All these bugs open the way to an attack of the “man in the middle” type.
I’d wish to ask to the developers when, and for which devices, an update with the patched wpa_supplicant (version 1:2.6-11) will be released.
I think this is a very serious bug that should be patched as soon as possible.
As soon as the patched wpa_supplicant (and probably hostapd as well) will make it into raspbian jessie repo, Volumio will incorporate the new version as default in the next version. No ETA at the moment
UPDATE: It seems that Raspbian has already updated the impacted packages, we are going to deploy a security update release this week
And what about the PC version?
We’re working on finishing the kernel updater on it, no ETA yet
Perfect, thank you so much for the fast reaction!
Imagine my pleasure in finding the RPi version updated and released. Kudos!
Perfect!
Thank you for the fast release.