You will all have heard by now about the very serious WPA-2 KRACK vulnerability, also in Linux, Raspbian and therefore in the Volumio distro. I suppose that this has the attention of the development team. In Jessie and Stretch this has been resolved now. When can we expect the update in Volumio?
Thanks!
New version released for Pi; x86 will hopefully follow soon.
Linux worked swiftly and released KRACK Wi-Fi Patches updates for Ubuntu 14.04+, Arch, OpenBSD, Debian, Gentoo, and Linux upstream.
Source: PureVPN
We already released a pi version which addresses the issue.
And we published our response in the vendor response matrix available here:
github.com/kristate/krackinfo
I am unsure if I ran into a general issue, misunderstood the solution “New version released for PI” or ran into a special problem on my host:
After updating my RPI3 from a 1 week old install of ver 2.285 to ver 2.296 via WebUI today I still saw the vulnerable wpa_supplicant version on my host:
root@volumio:/home/volumio# dpkg -l | grep wpasupplicant
ii wpasupplicant 2.3-1+deb8u4 armhf client support for WPA and WPA2 (IEEE 802.11i)
What I did to resolve this was:
root@volumio:/home/volumio# sudo apt-get update
root@volumio:/home/volumio# apt-get install wpasupplicant
In my understanding this resolved the KRACK vulnerability issue on my host (wpasupplicant was 2.3-1+deb8u4 and is now 2.3-1+deb8u5):
root@volumio:/home/volumio# dpkg -l | grep wpasupplicant
ii wpasupplicant 2.3-1+deb8u5 armhf client support for WPA and WPA2 (IEEE 802.11i)
This seems to be the Fixed version for Jessie: https://packages.debian.org/search?searchon=sourcenames&keywords=wpa
Did I do it the correct way?
Does the Update via WebUI normally resolve the KRACK issue and something went wrong only in my case?
Or should I have done a fresh install of VOLUMIO 2.296 to get the KRACK issue resolved?
WPA-2 Vulnerability KRACK - unsolved?
Hi there,
Am I the only one seeing the OTA update not updating the wpasupplicant package?
No response on my latest reply but over 300 views.
I did an OTA update on a 2nd System today (raspi 2, volumio ver 2.285 to ver 2.296).
Same results as last Sunday - the wpasupplicant is still ver 2.3-1+deb8u4
(KRACK vulnerability was fixed in 2.3-1+deb8u5)
Am I missing something? Any logs I could look into? Normal behaviour?
Thanks for any Feedback.
Tom
edit: Crossposted in DEV/Bug reports wpa2-krack-vulnerability-solved-via-ota-update-t7902.html
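The manual check done in the posts above (reading the wpasupplicant row of `dpkg -l` and comparing it with the fixed jessie build 2.3-1+deb8u5) can be scripted so it can be rerun after every OTA update. This is an added example, not part of the original thread and not Volumio's own tooling; the function names are hypothetical and the sample rows are constructed in the format quoted in the posts.

```shell
#!/bin/sh
# Fixed jessie build quoted in the thread above.
FIXED="2.3-1+deb8u5"

# Debian version "greater or equal". Uses dpkg when available; otherwise
# falls back to GNU sort -V, an approximation that is adequate for
# revisions of the same upstream version (assumption).
ver_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Pull the wpasupplicant version out of `dpkg -l` output on stdin.
# Only "ii" (installed) rows count; "rc" rows are removed packages.
installed_version() {
    awk '$1 == "ii" && ($2 == "wpasupplicant" || $2 ~ /^wpasupplicant:/) { print $3; exit }'
}

# Prints PATCHED / VULNERABLE / NOT-INSTALLED; returns 0 / 1 / 2.
krack_status() {
    v=$(installed_version)
    if [ -z "$v" ]; then echo "NOT-INSTALLED"; return 2; fi
    if ver_ge "$v" "$FIXED"; then echo "PATCHED $v"; return 0; fi
    echo "VULNERABLE $v (need >= $FIXED)"; return 1
}

# Constructed sample rows in the format shown in the posts above.
SAMPLE_BEFORE='ii  wpasupplicant  2.3-1+deb8u4  armhf  client support for WPA and WPA2 (IEEE 802.11i)'
SAMPLE_AFTER='ii  wpasupplicant  2.3-1+deb8u5  armhf  client support for WPA and WPA2 (IEEE 802.11i)'

printf '%s\n' "$SAMPLE_BEFORE" | krack_status || true
printf '%s\n' "$SAMPLE_AFTER" | krack_status || true
# On a real host: dpkg -l wpasupplicant | krack_status
```

The non-zero exit code for a vulnerable or missing package lets the check be used from cron or a post-update hook.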