Lucene search

CentOS ProjectCESA-2020:4003

HistoryOct 20, 2020 - 6:34 p.m.

NetworkManager security update

2020-10-2018:34:41

CentOS Project

lists.centos.org

147

networkmanager

security

update

unauthenticated

vulnerability

fix

centos

cve-2020-10754

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

CentOS Errata and Security Advisory CESA-2020:4003

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

Security Fix(es):

NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults (CVE-2020-10754)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032855.html

Affected packages:
NetworkManager
NetworkManager-adsl
NetworkManager-bluetooth
NetworkManager-config-server
NetworkManager-dispatcher-routing-rules
NetworkManager-glib
NetworkManager-glib-devel
NetworkManager-libnm
NetworkManager-libnm-devel
NetworkManager-ovs
NetworkManager-ppp
NetworkManager-team
NetworkManager-tui
NetworkManager-wifi
NetworkManager-wwan

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:4003

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64networkmanager< 1.18.8-1.el7NetworkManager-1.18.8-1.el7.x86_64.rpm
CentOS7x86_64networkmanager-adsl< 1.18.8-1.el7NetworkManager-adsl-1.18.8-1.el7.x86_64.rpm
CentOS7x86_64networkmanager-bluetooth< 1.18.8-1.el7NetworkManager-bluetooth-1.18.8-1.el7.x86_64.rpm
CentOS7noarchnetworkmanager-config-server< 1.18.8-1.el7NetworkManager-config-server-1.18.8-1.el7.noarch.rpm
CentOS7noarchnetworkmanager-dispatcher-routing-rules< 1.18.8-1.el7NetworkManager-dispatcher-routing-rules-1.18.8-1.el7.noarch.rpm
CentOS7i686networkmanager-glib< 1.18.8-1.el7NetworkManager-glib-1.18.8-1.el7.i686.rpm
CentOS7x86_64networkmanager-glib< 1.18.8-1.el7NetworkManager-glib-1.18.8-1.el7.x86_64.rpm
CentOS7i686networkmanager-glib-devel< 1.18.8-1.el7NetworkManager-glib-devel-1.18.8-1.el7.i686.rpm
CentOS7x86_64networkmanager-glib-devel< 1.18.8-1.el7NetworkManager-glib-devel-1.18.8-1.el7.x86_64.rpm
CentOS7i686networkmanager-libnm< 1.18.8-1.el7NetworkManager-libnm-1.18.8-1.el7.i686.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	networkmanager	< 1.18.8-1.el7	NetworkManager-1.18.8-1.el7.x86_64.rpm
CentOS	7	x86_64	networkmanager-adsl	< 1.18.8-1.el7	NetworkManager-adsl-1.18.8-1.el7.x86_64.rpm
CentOS	7	x86_64	networkmanager-bluetooth	< 1.18.8-1.el7	NetworkManager-bluetooth-1.18.8-1.el7.x86_64.rpm
CentOS	7	noarch	networkmanager-config-server	< 1.18.8-1.el7	NetworkManager-config-server-1.18.8-1.el7.noarch.rpm
CentOS	7	noarch	networkmanager-dispatcher-routing-rules	< 1.18.8-1.el7	NetworkManager-dispatcher-routing-rules-1.18.8-1.el7.noarch.rpm
CentOS	7	i686	networkmanager-glib	< 1.18.8-1.el7	NetworkManager-glib-1.18.8-1.el7.i686.rpm
CentOS	7	x86_64	networkmanager-glib	< 1.18.8-1.el7	NetworkManager-glib-1.18.8-1.el7.x86_64.rpm
CentOS	7	i686	networkmanager-glib-devel	< 1.18.8-1.el7	NetworkManager-glib-devel-1.18.8-1.el7.i686.rpm
CentOS	7	x86_64	networkmanager-glib-devel	< 1.18.8-1.el7	NetworkManager-glib-devel-1.18.8-1.el7.x86_64.rpm
CentOS	7	i686	networkmanager-libnm	< 1.18.8-1.el7	NetworkManager-libnm-1.18.8-1.el7.i686.rpm