Over the past day, it was revealed that there was an exploit in the wireless protocol, WPA2. While many devices won’t receive a patch to remedy the problem (we’re looking at you Android!), some systems have already started receiving the patch. Debian Linux and all of its off-shoots including Ubuntu and Linux Mint have received patches for the vulnerabilities in the last couple of hours.
Fixes for the following Common Vulnerabilities and Exposures (CVE) were issued:
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
According to the Debian Project, its Jessie (security), Stretch (security), and the Sid branches have received a fix for this issue. Debian 7 Wheezy is still listed as vulnerable, however, a group of volunteers still patches that release, so if it hasn’t already received the updated WPA package yet, it soon should.
Debian’s patch came hot on the heels of the public announcement about the vulnerability, it’s probable that the project was warned ahead of the announcement in order to prepare a patch. Microsoft was warned of the issue several days ago.
In its FAQ, Microsoft states:
Microsoft released security updates on October 10, 2017 as part of Update Tuesday to resolve this vulnerability in all affected editions of Windows. Customers who have Windows Update enabled and who applied the latest security updates are protected automatically. The Security Update Guide was updated on October 16, 2017 to provide full disclosure on this vulnerability in accordance with a multi-vendor coordinated disclosure.
Apple and Google are both expected to deploy updates to their respective systems in the coming days and weeks; unfortunately, many other devices will go left un-patched due to bad support.
Source: Debian