Firmware Updates for KRACK WPA2 Vulnerability

[xhdix]

Espressif has released updates for ESP-IDF, ESP8266 RTOS SDK, & ESP8266 NONOS SDK on their Github page.

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

https://www.krackattacks.com

When will you be upgraded?

[igrr]

Already updated in e049032, pre-release 2.4.0-rc2 contains the patch.

[SwiCago]

Thank you @igrr and espressif team in getting the patch out there so fast. We appreciate the hard work you guys do!

[Mr-iX]

Is there an estimated release date for a final/stable version that contains the KRACK fix?

[llamontjr]

@igrr - I saw in your referenced commit above a comment that the version brought in was v2.1.0-10-g509eae8, however, don't we need v2.1.0-13-gb762ea2? My apologies if I've missed something here.

[igrr]

Sorry, i must have forgotten to update version number when squashing the commits (previous version of the SDK branch indeed had 509eae8).
I have double checked the libraries and they are indeed from b762ea2.

That being said, it would be good if someone could run the attack against 2.4.0-rc2 to confirm that the issue is indeed fixed. Any takers?

Will update VERSION file in the SDK directory next week, as there is another follow-up fix coming to NONOS_SDK. The fix for KRACK introduced a regression seen with some models of APs.

[devyte]

@igrr if rc2 contains the patch, is this considered staged, or should it just be closed?