You may have heard about KRACK (for “Key Reinstallation Attack”), a vulnerability in WPA2-protected Wi-Fi. This attack could let attackers decrypt, forge, or steal data, despite WPA2’s improved encryption capabilities. Fear not — fixes for Fedora packages are on their way to stable.

Guarding against KRACK

New wpa_supplicant packages contain the fix for Fedora 25, 26, and 27, as well as Rawhide. The maintainers have submitted them to the stable repos. They should show up within a day or so for most users.

To update your Fedora system, use this command once you configure sudo. Type your password at the prompt, if necessary.

sudo dnf update wpa_supplicant

Fedora provides worldwide mirrors at many download sites to better serve users. Some sites refresh their mirrors at different rates. If you don’t get an update right away, wait until later in the day.

Updating immediately

If you’re worried about waiting until stable updates show up, use this process to get the packages. First, install the bodhi-client package:

sudo dnf install bodhi-client

Then note the build ID for your Fedora system:

  • Fedora 27 prerelease: wpa_supplicant-2.6-11.fc27
  • Fedora 26: wpa_supplicant-2.6-11.fc26
  • Fedora 25: wpa_supplicant-2.6-3.fc25.1

Now download the packages for your system and update them. This example is for Fedora 26:

mkdir ~/krack-update && cd ~/krack-update
bodhi updates download --builds wpa_supplicant-2.6-11.fc26
dnf update ./wpa_supplicant*.rpm

If your system is on Rawhide, run sudo dnf update to get the update.