| Both sides previous revision Previous revision | Next revisionBoth sides next revision |
| releases:17.01:notes-17.01.4 [2017/10/20 00:00] – Make KRACK attack info more definitive richb-hanover | releases:17.01:notes-17.01.4 [2018/02/17 16:18] – ↷ Links adapted because of a move operation |
|---|
| While the LEDE 17.01.4 release includes fixes for the [[https://www.krackattacks.com/|KRACK bugs in the WPA Protocol disclosed earlier this week]] in the router firmware, these fixes do not fix the problem on the client-side. | While the LEDE 17.01.4 release includes fixes for the [[https://www.krackattacks.com/|KRACK bugs in the WPA Protocol disclosed earlier this week]] in the router firmware, these fixes do not fix the problem on the client-side. |
| **You still need to update all your client devices - computers, phones, tablets, cameras, refrigerators, thermostats, light bulbs, and any other device using Wi-Fi.** | **You still need to update all your client devices - computers, phones, tablets, cameras, refrigerators, thermostats, light bulbs, and any other device using Wi-Fi.** |
| Since some client devices might never receive an update, //hostapd// contains an [[docs:user-guide:wifi_configuration#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] to complicate these attacks, slowing them down. Please note that this does not fully protect you from them, especially when running older versions of //wpa_supplicant// vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default. | Since some client devices might never receive an update, //hostapd// contains an [[docs:user-guide:wifi:start#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] to complicate these attacks, slowing them down. Please note that this does not fully protect you from them, especially when running older versions of //wpa_supplicant// vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default. |
| |
| Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE. | Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE. |