Author Topic: redhat linux security  (Read 645 times)

Offline andyassur

redhat linux security
« on: April 11, 2018, 10:18:04 PM »
It looks like Red Hat is doing some major patching of its OS. I have been receiving about 20 emails a day about this since yesterday.
Thirty spokes are joined in the wheel's hub.
The hole in the middle makes it useful.

...the value comes from what is there,
But the use comes from what is not there.

-Tao Te Ching  chapter 11

Offline jdaniele

Re: redhat linux security
« Reply #1 on: April 11, 2018, 10:18:32 PM »
"The true sign of intelligence is not knowledge but imagination." - Albert Einstein

Offline andyassur

Re: redhat linux security
« Reply #2 on: April 11, 2018, 10:19:14 PM »
Is it anything to do with the WPA2 flaw?

http://jdtechservices.xp3.biz/jdaniele/forums/index.php?topic=21.0

One of 29 emails was about WPA.


The following Red Hat Security Advisory has been published which may affect
subscriptions which you have purchased.


RHSA-2017:2907 Important: wpa_supplicant security update


Summary:

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.

Full details and references:

https://access.redhat.com/errata/RHSA-2017:2907?sc_cid=701600000006NHXAA2

CVE Names:

CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

Revision History:

Issue Date: 2017-10-17
Updated:    2017-10-17

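A defender-side check for the advisory quoted above, as an added example that is not part of the original post or of Red Hat's advisory: it reports which of the seven CVE ids listed in RHSA-2017:2907 are not named in a package changelog. The function names and sample changelog text are constructed for illustration, and it assumes the package changelog names the CVE ids each build fixes.

```shell
#!/bin/sh
# CVE ids copied from RHSA-2017:2907 as quoted in the post above.
ADVISORY_CVES="CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082
CVE-2017-13086 CVE-2017-13087 CVE-2017-13088"

# missing_cves (hypothetical helper): read changelog text on stdin and print
# every advisory CVE id the text never mentions. Empty output = all seven named.
missing_cves() {
    mc_text=$(cat)
    for mc_cve in $ADVISORY_CVES; do
        # -F: literal match; -w: whole token, so a longer id cannot match.
        printf '%s\n' "$mc_text" | grep -qwF -- "$mc_cve" || printf '%s\n' "$mc_cve"
    done
}

# check_installed (hypothetical helper): same check against the installed package.
# Assumption: the package changelog names the CVE ids each build fixes.
# Returns 0 = all named, 1 = some missing, 2 = could not check.
check_installed() {
    ci_pkg=${1:-wpa_supplicant}
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    ci_log=$(rpm -q --changelog "$ci_pkg") || { echo "$ci_pkg is not installed" >&2; return 2; }
    ci_missing=$(printf '%s\n' "$ci_log" | missing_cves)
    if [ -z "$ci_missing" ]; then
        echo "$ci_pkg: changelog names all advisory CVEs"
        return 0
    fi
    echo "$ci_pkg: changelog does not mention:" $ci_missing
    return 1
}

# Constructed sample changelog text (not real rpm output; versions are placeholders).
SAMPLE_PATCHED='* Tue Oct 17 2017 Example Packager <pkg@example.invalid> - 0-0.example
- avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,
  CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)'
SAMPLE_PARTIAL='* Tue Oct 17 2017 Example Packager <pkg@example.invalid> - 0-0.example
- backport fixes for CVE-2017-13077 and CVE-2017-13078'

# Demo on the constructed partial sample: prints the five ids it lacks.
printf '%s\n' "$SAMPLE_PARTIAL" | missing_cves

# On a RHEL 7 host, run: check_installed wpa_supplicant
```

A non-zero result from `check_installed` is a prompt to apply the update referenced in the advisory, not proof of exposure on its own.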