[LEDE-DEV] KRACK (Key Reinstallation Attacks), now patched upstream in hostapd
stijn at linux-ipv6.be
Wed Oct 18 04:21:58 PDT 2017
On 18-10-17 14:20, Aaron Z wrote:
> On Tue, Oct 17, 2017 at 10:28 PM, Stijn Tintel <stijn at linux-ipv6.be> wrote:
>> On 18-10-17 01:40, Aaron Z wrote:
>>> On Tue, Oct 17, 2017 at 3:24 AM, Felix Fietkau <nbd at nbd.name> wrote:
>>>> On 2017-10-17 01:53, Jim Gettys wrote:
>>>>> Will this require a upgrade of the base image, or can we just upgrade
>>>>> packages? If so,
>>>>> which ones?
>>>>> - Jim
>>>> Updating wpad(-mini) should be enough.
>>> Is the base image now updated, or would one still need to update wpad
>>> after installing a freshly downloaded 17.01.3 image?
>>> I ask because the packages have an edit date of today while the base
>>> image is dated 4 Oct.
>>> If the base image hasn't been updated, I would think that it should be
>>> so that fresh installs are protected going forward.
>> Updating release binaries is very bad practice and should never be done.
>> Please wait for 17.01.4, which will include the fixes.
> Is there a projected release date for 17.01.4? If not, IMO there
> should be a banner for the LEDE Wiki (and the download page?) letting
> people know that they need to update wpad ASAP after a new install.
17.01.4 is building. I expect it to be ready in ~4h.
More information about the Lede-dev