October 18, 2017

Ubuntu, Debian, Fedora and elementary OS All Patched Against WPA2 KRACK Bug

Linux Mint, Arch Linux and Solus are also patched.

As you are aware, there's a major WPA2 (Wi-Fi Protected Access II) security vulnerability in the wild, affecting virtually any device or operating system that uses the security protocol, including all GNU/Linux distributions.

Security researcher Mathy Vanhoef was the one to discover the WPA2 bug, which affects the wpa_supplicant and hostapd packages on Linux-based operating systems, allowing a remote attacker to obtain sensitive information like credit card numbers, passwords, usernames, etc. with key reinstallation attacks (a.k.a. KRACK).

This security issue alone is extremely important, and it has been documented across several CVEs, including CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088. Therefore, you need to update your systems immediately.

Canonical announced a few hours ago that it patched the security issue in the Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) releases, as well as all official derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu Budgie, Ubuntu Kylin, and Ubuntu Studio.

In its security notice, Canonical notes that two other security vulnerabilities were also patched, both discovered by Imre Rad. The first one (CVE-2016-4476) could allow a remote attacker to cause a denial of service because both wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters.

The second issue (CVE-2016-4477) could allow a local attacker to either execute arbitrary code or cause a denial of service because wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. These vulnerabilities affect all supported Ubuntu releases.

Debian, Fedora, Arch Linux, Linux Mint, Solus and elementary OS also patched

Of course, the wpa_supplicant and hostapd vulnerabilities mentioned above were also patched upstream and in Debian GNU/Linux. The maintainers of the Ubuntu-based elementary OS and Linux Mint operating systems also announced that they patched the issue, urging users to update their installations as soon as possible.

The Fedora, Arch Linux and Solus operating systems have also been patched in the last few hours against the critical WPA2 security vulnerability, so, again, you are urged to update your installations immediately if you're using any of these distributions. Other distros may have updated the wpa_supplicant and hostapd packages too.

Source: http://news.softpedia.com/news/ubuntu-debian-fedora-and-elementary-os-all-patched-against-wpa2-krack-bug-518075.shtml