WPA2 situation

[GooeyGirl]

Ugh, there's still soooo much stuff i don't know.

Not having had a clue about how to do that myself, i've now simply mimicked what you showed me:

Code:

gooeygirl@linux-Tower:~> cat /etc/os-release |grep VERSION_ID
VERSION_ID="20171007"


gooeygirl@linux-Tower:~> rpm -q --changelog wpa_supplicant | head -n 5
* Fri Apr 21 2017 obs@botter.cc
- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match
  eloop_signal_handler type (needed to build eapol_test via config)


* Fri Dec 23 2016 dwaas@suse.com


gooeygirl@linux-Tower:~>

Am i correct to infer that currently i am not patched, but that when i dup to 20171017 i will be? Oh, no, that can't be right either, coz you said

Nope,

Hmmmm.

[malcolmlewis]

Ugh, there's still soooo much stuff i don't know.

Not having had a clue about how to do that myself, i've now simply mimicked what you showed me:

Code:

gooeygirl@linux-Tower:~> cat /etc/os-release |grep VERSION_ID
VERSION_ID="20171007"


gooeygirl@linux-Tower:~> rpm -q --changelog wpa_supplicant | head -n 5
* Fri Apr 21 2017 obs@botter.cc
- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match
  eloop_signal_handler type (needed to build eapol_test via config)


* Fri Dec 23 2016 dwaas@suse.com


gooeygirl@linux-Tower:~>

Am i correct to infer that currently i am not patched, but that when i dup to 20171017 i will be? Oh, no, that can't be right either, coz you said Hmmmm.

Hi
The Nope was for not to assume anything

So my Tumbleweed is patched, yours isn't yet...

Your 3 or 4 snapshots behind....

[malcolmlewis]

Am i correct to infer that currently i am not patched, but that when i dup to 20171017 i will be? Oh, no, that can't be right either, coz you said Hmmmm.

Hi
So you have missed 20171009, 20171010, 20171013 and the latest 20171017.....

[GooeyGirl]

Not so much missed per se, as rather declined to bother doing my usual weekly dup. Why? Coz last week someone [might have been you, might have been someone else] mentioned something like "Plasma 5.11.1 will be out on Tuesday", & as i found stuff that does not work correctly in one of my test TW VMs that i had already upgraded to P5.11.0 as soon as it came available, i thought i'd just wait for 5.11.1 to arrive before duping my real TWs. Tues' been & gone. I read the MLs each morning looking for news of it, but still have not seen it. If not here by Sat i shall have to dup anyway i suppose, just to not be too far behind.

[GooeyGirl]

This is totally OT. Not wanting to make you blush or anything, but... how the %^$@ do you know all this stuff? It's amazing & i am constantly agog. You seem to know everything, & i feel constantly floundering. Thank goodness for your & the others' generosity !!

[Miuku]

Experience.

[nrickert]

Not so much missed per se, as rather declined to bother doing my usual weekly dup. Why?

There's nothing wrong with delaying updates. But when there is a fix for a known security issue, maybe it is time to bring your system up to date.

[GooeyGirl]

There's nothing wrong with delaying updates. But when there is a fix for a known security issue, maybe it is time to bring your system up to date.

As a general principle i completely agree with you. In the present specific case, additional to what i already posted, my thinking was as follows.

1. My primary pc is my Tower, & is in use all day every day, & often also long into many nights. This pc does not have WiFi; it connects to my modem exclusively via Ethernet cable. Hence, i presumed that this important patch will not actually do anything useful on this pc.
2. My secondary pc is my Laptop. There are exceptions, but generally speaking this pc is left Suspended during daylight hours, & i only wake it at nights when i want to stream Netflix. It of course does have WiFi, & that's how i connect it to my modem. Hence it would appear that this pc should be prioritised for the dup to get the patch. Yet i still have not done it. I was intending to do it yesterday, but then i had the following, completely fatalistic pessimistic realisation. Even if/when my Lappy is patched, my WiFi modem remains unpatched, & unpatchable [by me, at least]. Hence, patching my Lappy's WiFi does not actually protect me, does it? Why can't a putative "bad person" still "war drive" around my neighbourhood, sniff my WiFi network, & break into it through the modem by the exploits recently revealed? That is, why is patching my Lappy helpful, if the modem remains vulnerable anyway? In other words, i depressingly concluded that "I'm stuffed", until & unless i could afford to buy a better modem that is properly secure.
3. Is my logic defective? If yes, i would immediately do the dups, even if not yet at my normal weekly interval.

You may commence your communal laughter at my silliness & ignorance, now.

[malcolmlewis]

As a general principle i completely agree with you. In the present specific case, additional to what i already posted, my thinking was as follows.

1. My primary pc is my Tower, & is in use all day every day, & often also long into many nights. This pc does not have WiFi; it connects to my modem exclusively via Ethernet cable. Hence, i presumed that this important patch will not actually do anything useful on this pc.
2. My secondary pc is my Laptop. There are exceptions, but generally speaking this pc is left Suspended during daylight hours, & i only wake it at nights when i want to stream Netflix. It of course does have WiFi, & that's how i connect it to my modem. Hence it would appear that this pc should be prioritised for the dup to get the patch. Yet i still have not done it. I was intending to do it yesterday, but then i had the following, completely fatalistic pessimistic realisation. Even if/when my Lappy is patched, my WiFi modem remains unpatched, & unpatchable [by me, at least]. Hence, patching my Lappy's WiFi does not actually protect me, does it? Why can't a putative "bad person" still "war drive" around my neighbourhood, sniff my WiFi network, & break into it through the modem by the exploits recently revealed? That is, why is patching my Lappy helpful, if the modem remains vulnerable anyway? In other words, i depressingly concluded that "I'm stuffed", until & unless i could afford to buy a better modem that is properly secure.
3. Is my logic defective? If yes, i would immediately do the dups, even if not yet at my normal weekly interval.

You may commence your communal laughter at my silliness & ignorance, now.

Hi
Your system(s) your call, but if you look there is an update to 2071018 available, CVE's in the list. You need to review the ML post, then decide if the package is installed whether to update.

Is the modem your's or the ISP's? If yours, does it support openWRT?

[hendersj]

On Fri, 20 Oct 2017 01:56:02 +0000, malcolmlewis wrote:

> Is the modem your's or the ISP's? If yours, does it support openWRT?

Arguably, it'd not the modem - it'd be the router. <g>

(openWRT user here myself)

But my understanding of the WPA2 vuln is that it's a client-side issue,
so a change at the router isn't really going to address it. But I'll be
the first to admit I don't know everything about it, so I could be wrong
there (in which case, I need to get my router updated).

Jim
--
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C