You may have heard about KRACK (for “Key Reinstallation Attack”), a vulnerability in WPA2-protected Wi-Fi. This attack could let attackers decrypt, forge, or steal data, despite WPA2’s improved encryption capabilities. Fear not — fixes for Fedora packages are on their way to stable.
Guarding against KRACK
New wpa_supplicant packages contain the fix for Fedora 25, 26, and 27, as well as Rawhide. The maintainers have submitted them to the stable repos. They should show up within a day or so for most users.
To update your Fedora system, use this command once you configure sudo. Type your password at the prompt, if necessary.
sudo dnf update wpa_supplicant
Fedora provides worldwide mirrors at many download sites to better serve users. Some sites refresh their mirrors at different rates. If you don’t get an update right away, wait until later in the day.
If you’re worried about waiting until stable updates show up, use this process to get the packages. First, install the bodhi-client package:
sudo dnf install bodhi-client
Then note the build ID for your Fedora system:
- Fedora 27 prerelease: wpa_supplicant-2.6-11.fc27
- Fedora 26: wpa_supplicant-2.6-11.fc26
- Fedora 25: wpa_supplicant-2.6-3.fc25.1
Now download the packages for your system and update them. This example is for Fedora 26:
mkdir ~/krack-update && cd ~/krack-update bodhi updates download --builds wpa_supplicant-2.6-11.fc26 dnf update ./wpa_supplicant*.rpm
If your system is on Rawhide, run sudo dnf update to get the update.