Subject: | |
From: | |
Reply To: | |
Date: | Tue, 16 Feb 2010 15:27:49 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: NetworkManager security update
Issue date: 2010-02-16
CVE Names: CVE-2009-4144 CVE-2009-4145
CVE-2009-4145 NetworkManager: information disclosure by nm-connection-editor
CVE-2009-4144 NetworkManager: WPA enterprise network not verified when
certificate is removed
A missing network certificate verification flaw was found in
NetworkManager. If a user created a WPA Enterprise or 802.1x wireless
network connection that was verified using a Certificate Authority (CA)
certificate, and then later removed that CA certificate file,
NetworkManager failed to verify the identity of the network on the
following connection attempts. In these situations, a malicious wireless
network spoofing the original network could trick a user into disclosing
authentication credentials or communicating over an untrusted network.
(CVE-2009-4144)
An information disclosure flaw was found in NetworkManager's
nm-connection-editor D-Bus interface. If a user edited network
connection options using nm-connection-editor, a summary of those
changes was broadcasted over the D-Bus message bus, possibly disclosing
sensitive information (such as wireless network authentication
credentials) to other local users. (CVE-2009-4145)
SL 5.x
SRPMS:
NetworkManager-0.7.0-9.el5_4.src.rpm
i386:
NetworkManager-0.7.0-9.el5_4.i386.rpm
NetworkManager-devel-0.7.0-9.el5_4.i386.rpm
NetworkManager-glib-0.7.0-9.el5_4.i386.rpm
NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm
NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm
x86_64:
NetworkManager-0.7.0-9.el5_4.i386.rpm
NetworkManager-0.7.0-9.el5_4.x86_64.rpm
NetworkManager-devel-0.7.0-9.el5_4.i386.rpm
NetworkManager-devel-0.7.0-9.el5_4.x86_64.rpm
NetworkManager-glib-0.7.0-9.el5_4.i386.rpm
NetworkManager-glib-0.7.0-9.el5_4.x86_64.rpm
NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm
NetworkManager-glib-devel-0.7.0-9.el5_4.x86_64.rpm
NetworkManager-gnome-0.7.0-9.el5_4.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|