NetworkManager security update

2010-02-2300:09:27

CentOS Project

lists.centos.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.014

Percentile

86.5%

JSON

CentOS Errata and Security Advisory CESA-2010:0108

NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

A missing network certificate verification flaw was found in
NetworkManager. If a user created a WPA Enterprise or 802.1x wireless
network connection that was verified using a Certificate Authority (CA)
certificate, and then later removed that CA certificate file,
NetworkManager failed to verify the identity of the network on the
following connection attempts. In these situations, a malicious wireless
network spoofing the original network could trick a user into disclosing
authentication credentials or communicating over an untrusted network.
(CVE-2009-4144)

An information disclosure flaw was found in NetworkManager’s
nm-connection-editor D-Bus interface. If a user edited network connection
options using nm-connection-editor, a summary of those changes was
broadcasted over the D-Bus message bus, possibly disclosing sensitive
information (such as wireless network authentication credentials) to other
local users. (CVE-2009-4145)

Users of NetworkManager should upgrade to these updated packages, which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-February/078683.html
https://lists.centos.org/pipermail/centos-announce/2010-February/078684.html

Affected packages:
NetworkManager
NetworkManager-devel
NetworkManager-glib
NetworkManager-glib-devel
NetworkManager-gnome

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0108

OSVersionArchitecturePackageVersionFilename
CentOS5i386networkmanager< 0.7.0-9.el5_4NetworkManager-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-devel< 0.7.0-9.el5_4NetworkManager-devel-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-glib< 0.7.0-9.el5_4NetworkManager-glib-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-glib-devel< 0.7.0-9.el5_4NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-gnome< 0.7.0-9.el5_4NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager< 0.7.0-9.el5_4NetworkManager-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-devel< 0.7.0-9.el5_4NetworkManager-devel-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-glib< 0.7.0-9.el5_4NetworkManager-glib-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-glib-devel< 0.7.0-9.el5_4NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm
CentOS5i386networkmanager-gnome< 0.7.0-9.el5_4NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i386	networkmanager	< 0.7.0-9.el5_4	NetworkManager-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-devel	< 0.7.0-9.el5_4	NetworkManager-devel-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-glib	< 0.7.0-9.el5_4	NetworkManager-glib-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-glib-devel	< 0.7.0-9.el5_4	NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-gnome	< 0.7.0-9.el5_4	NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager	< 0.7.0-9.el5_4	NetworkManager-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-devel	< 0.7.0-9.el5_4	NetworkManager-devel-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-glib	< 0.7.0-9.el5_4	NetworkManager-glib-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-glib-devel	< 0.7.0-9.el5_4	NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm
CentOS	5	i386	networkmanager-gnome	< 0.7.0-9.el5_4	NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm