For those who care:

I've patched the EL6 package wpa_supplicant-0.7.3-9.el6_9.2.src.rpm so that it can be built on RHEL5/CentOS5 to fix the KRACKs issues there. Patch for the extracted sources is attached.

Please note that according to this https://access.redhat.com/security/vulnerabilities/kracks RedHat is not going to fix this for Red Hat Enterprise Linux 5 ELS.

Feedback welcome if you find any issues using it in your environment.

Regards, Simon