Red Hat Customer Portal

Skip to main content

Main Navigation

  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Tower
      • Red Hat Ansible Engine
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat Cloud Infrastructure
      • Red Hat Cloud Suite
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat OpenShift Application Runtimes
      • Red Hat Quay
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • JBoss Development and Management
      • Back
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat JBoss Operations Network
      • Red Hat Developer Studio
    • JBoss Integration and Automation
      • Back
      • Red Hat JBoss Data Virtualization
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
      • Red Hat 3scale API Management
    • Mobile
      • Back
      • Red Hat Mobile Application Platform
    • Support
    • Production Support
    • Development Support
    • Product Life Cycle & Update Policies
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem
    • Browse Certified Solutions
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • Español
    • Deutsch
    • Italiano
    • 한국어
    • Français
    • 日本語
    • Português
    • 中文 (中国)
    • русский
Red Hat Logo Customer Portal
  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Tower
      • Red Hat Ansible Engine
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat Cloud Infrastructure
      • Red Hat Cloud Suite
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat OpenShift Application Runtimes
      • Red Hat Quay
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • JBoss Development and Management
      • Back
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat JBoss Operations Network
      • Red Hat Developer Studio
    • JBoss Integration and Automation
      • Back
      • Red Hat JBoss Data Virtualization
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
      • Red Hat 3scale API Management
    • Mobile
      • Back
      • Red Hat Mobile Application Platform
    • Support
    • Production Support
    • Development Support
    • Product Life Cycle & Update Policies
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem
    • Browse Certified Solutions
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • Español
    • Deutsch
    • Italiano
    • 한국어
    • Français
    • 日本語
    • Português
    • 中文 (中国)
    • русский
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Search
  • Log In
  • Language
Troubleshooting an issue? Try Solution Engine—our new support tool.

Log in to Your Red Hat Account

Log In

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

Register

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

If you have any questions, please contact customer service.

Red Hat Account Number:

Red Hat Account

  • Account Details
  • User Management
  • Account Maintenance

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Log Out

Select Your Language

  • English
  • Español
  • Deutsch
  • Italiano
  • 한국어
  • Français
  • 日本語
  • Português
  • 中文 (中国)
  • русский
Red Hat Customer Portal
  • Products & Services
  • Tools
  • Security
  • Community
  • Infrastructure and Management

  • Cloud Computing

  • Storage

  • JBoss Development and Management

  • JBoss Integration and Automation

  • Mobile

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Tower
  • Red Hat Ansible Engine
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat Cloud Infrastructure
  • Red Hat Cloud Suite
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat OpenShift Application Runtimes
  • Red Hat Quay
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat Openshift Container Storage
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat JBoss Operations Network
  • Red Hat Developer Studio
  • Red Hat JBoss Data Virtualization
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
  • Red Hat 3scale API Management
  • Red Hat Mobile Application Platform
View All Products
  • Support
  • Production Support
  • Development Support
  • Product Life Cycle & Update Policies

Services

  • Consulting
  • Technical Account Management
  • Training & Certifications
  • Documentation
  • Red Hat Enterprise Linux
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Ecosystem
  • Browse Certified Solutions
  • Partner Resources

Red Hat in the Public Cloud

Keep the support and benefits of a Red Hat subscription when you move to the public cloud.

Instructions

Tools

  • Solution Engine
  • Packages
  • Errata
  • Customer Portal Labs
  • Configuration
  • Deployment
  • Security
  • Troubleshooting
  • Red Hat Insights

Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

Red Hat Product Security Center

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

Security Updates

  • Security Advisories
  • Red Hat CVE Database
  • Security Labs

Keep your systems secure with Red Hat's specialized responses for high-priority security vulnerabilities.

  • View Responses

Resources

  • Overview
  • Security Blog
  • Security Measurement
  • Severity Ratings
  • Backporting Policies
  • Product Signing (GPG) Keys

Customer Portal Community

  • Discussions
  • Blogs
  • Private Groups
  • Community Activity

Customer Events

  • Red Hat Convergence
  • Red Hat Summit

Stories

  • Red Hat Subscription Value
  • You Asked. We Acted.
  • Open Source Communities
Red Hat Product Errata RHSA-2017:2911 - Security Advisory
Issued:
2017-10-18
Updated:
2017-10-18

RHSA-2017:2911 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: wpa_supplicant security update

Type/Severity

Security Advisory: Important

Topic

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

  • A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)

Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
  • BZ - 1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake
  • BZ - 1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake
  • BZ - 1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

CVEs

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13080
  • CVE-2017-13087

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/kracks
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
wpa_supplicant-0.7.3-9.el6_9.2.src.rpm SHA-256: 90f072c58c752d9ab16ad8fd79636efc556907eb9d258f1d2a7aae291ea0a8e4
x86_64
wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: 7461097f1a9fcbd8a7b901ac7d6e8062b45a530354ad1b48c9e979f1aa758bd1
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: aae2f510d1ba9f0f88aada663e0667d402756eab64992dcbe07ca1ae1270da0a
i386
wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm SHA-256: 6277a96e64ed754ba185cbdc7bbdced9a43ddfbfb157a3a607e7d5156df1e35f
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm SHA-256: fa54ed0d8a926d2ab9374cb8133f5da94bf8ed191589fb85385db56428928665

Red Hat Enterprise Linux Workstation 6

SRPM
wpa_supplicant-0.7.3-9.el6_9.2.src.rpm SHA-256: 90f072c58c752d9ab16ad8fd79636efc556907eb9d258f1d2a7aae291ea0a8e4
x86_64
wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: 7461097f1a9fcbd8a7b901ac7d6e8062b45a530354ad1b48c9e979f1aa758bd1
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: aae2f510d1ba9f0f88aada663e0667d402756eab64992dcbe07ca1ae1270da0a
i386
wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm SHA-256: 6277a96e64ed754ba185cbdc7bbdced9a43ddfbfb157a3a607e7d5156df1e35f
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm SHA-256: fa54ed0d8a926d2ab9374cb8133f5da94bf8ed191589fb85385db56428928665

Red Hat Enterprise Linux Desktop 6

SRPM
wpa_supplicant-0.7.3-9.el6_9.2.src.rpm SHA-256: 90f072c58c752d9ab16ad8fd79636efc556907eb9d258f1d2a7aae291ea0a8e4
x86_64
wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: 7461097f1a9fcbd8a7b901ac7d6e8062b45a530354ad1b48c9e979f1aa758bd1
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: aae2f510d1ba9f0f88aada663e0667d402756eab64992dcbe07ca1ae1270da0a
i386
wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm SHA-256: 6277a96e64ed754ba185cbdc7bbdced9a43ddfbfb157a3a607e7d5156df1e35f
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.i686.rpm SHA-256: fa54ed0d8a926d2ab9374cb8133f5da94bf8ed191589fb85385db56428928665

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
wpa_supplicant-0.7.3-9.el6_9.2.src.rpm SHA-256: 90f072c58c752d9ab16ad8fd79636efc556907eb9d258f1d2a7aae291ea0a8e4
s390x
wpa_supplicant-0.7.3-9.el6_9.2.s390x.rpm SHA-256: a004bd737ac2307d4049ec2a3f9f733ddddbaae9c81634a48ecc527b09739b48
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.s390x.rpm SHA-256: c2fcb2b74d236e47f42db705fb3db6ea3f5741e6acbd49bea3c09dbccb3c958f

Red Hat Enterprise Linux for Power, big endian 6

SRPM
wpa_supplicant-0.7.3-9.el6_9.2.src.rpm SHA-256: 90f072c58c752d9ab16ad8fd79636efc556907eb9d258f1d2a7aae291ea0a8e4
ppc64
wpa_supplicant-0.7.3-9.el6_9.2.ppc64.rpm SHA-256: 90af568df206abbc747450d1a04252f42830c8d3506b5bd8dcf7102032817f33
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.ppc64.rpm SHA-256: 04968119526ccf26fd1bf0c581ef8ac7b60987581d9e7e32db28e27a62adb38a

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
wpa_supplicant-0.7.3-9.el6_9.2.src.rpm SHA-256: 90f072c58c752d9ab16ad8fd79636efc556907eb9d258f1d2a7aae291ea0a8e4
x86_64
wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: 7461097f1a9fcbd8a7b901ac7d6e8062b45a530354ad1b48c9e979f1aa758bd1
wpa_supplicant-debuginfo-0.7.3-9.el6_9.2.x86_64.rpm SHA-256: aae2f510d1ba9f0f88aada663e0667d402756eab64992dcbe07ca1ae1270da0a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • openshift.com
  • developers.redhat.com
  • connect.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2019 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter Facebook