Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in NetworkManager
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in NetworkManager
ID: FEDORA-2011-13388
Distribution: Fedora
Plattformen: Fedora 15
Datum: Fr, 30. September 2011, 12:02
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364
Applikationen: NetworkManager

Originalnachricht

 
Name        : NetworkManager
Product     : Fedora 15
Version     : 0.9.1.90
Release     : 1.git20110927.fc15
URL         : http://www.gnome.org/projects/NetworkManager/
Summary     : Network connection manager and user applications
Description :
NetworkManager is a system network service that manages your network devices
and connections, attempting to keep active network connectivity when available.
It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and
provides VPN integration with a variety of different VPN services.

-------------------------------------------------------------------------------
-
Update Information:

This update fixes security issue in ifcfg-rh plugin (CVE-2011-3364).
In addition, it updates to 0.9.1.90 featuring:
* ability to delete connections from nmcli
* correctly handles IPv6 link-local DNS servers when using the dnsmasq local
 caching nameserver plugin
* fixes connection timestamps for VPN connections
* fixes the path of iscsiadm
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Sep 27 2011 Jiří Klimeš <jklimes@redhat.com> -
 0.9.1.90-2.git20110927
- Update to 0.9.1.90 (0.9.2-beta1) + git snapshot
- core: ifcfg-rh: remove newlines when writing to ifcfg files (CVE-2011-3364)
 (rh #737338)
- core: change iscsiadm path to /sbin/iscsiadm in ifcfg-rh plugin (rh #740753)
- core: fix refcounting when deleting a default wired connection (lp:797868)
- core: fix IPv6 link-local DNS servers in the dnsmasq DNS plugin
- cli: add ability to delete connections
- keyfile: fix an issue with duplicated keyfile connections
- core: ensure the 'novj' option is passed through to pppd
- core: store timestamps for VPN connections too (rh #725353)
* Tue Aug 23 2011 Dan Williams <dcbw@redhat.com> - 0.9.0-1
- Update to 0.9 release
- core: fix issue where scan results could be ignored
- core: ensure agent secrets are preserved when updating connections
- core: don't autoconnect disabled modems
- core: fix race when checking modem enabled/disabled status after disabling
- core: ensure newly installed VPN plugins can actually talk to NM
- core: add support for 802.1X certificate subject matching
- libnm-glib: various introspection fixes
- ifcfg-rh: ensure changing NM_CONTROLLED works correctly (rh #727501)
- applet/editor: updated translations
* Thu Jul 21 2011 Dan Williams <dcbw@redhat.com> - 0.8.9997-6.git20110721
- core: updated Russian translation (rh #652904)
- core: fix possible crash if secrets are missing
- core: append interface name for IPv6 link-local DNS server addresses (rh
 #720001)
- core: fix setting hostname from DHCP options (rh #719100)
- libnm-util: GObject introspection annotation fixes
- libnm-util: ensure IP address/route prefixes are valid
- ifcfg-rh: read anonymous identity for 802.1x PEAP connections (rh #708436)
- applet: show notifications on CDMA home/roaming changes
- applet: fix various issues saving VPN secrets
- editor: allow exporting VPN secrets
- editor: default to IPv6 "automatic" addressing mode
* Sat Jul  2 2011 Dan Williams <dcbw@redhat.com> - 0.8.9997-5.git20110702
- core: ensure users are authorized for shared wifi connections (CVE-2011-2176)
 (rh #715492)
- core: retry failed connections after 5 minute timeout
- core: immediately request new 802.1x 'always ask' passwords if they
 fail
- core: add MAC blacklisting capability for WiFi and Wired connections
- core: retry failed connections when new users log in (rh #706204)
- applet: updated translations
- core: drop compat interface now that KDE bits are updated to NM 0.9 API
* Mon Jun 20 2011 Dan Williams <dcbw@redhat.com> - 0.8.9997-4.git20110620
- core: don't cache "(none)" hostname at startup (rh #706094)
- core: fix handling of VPN connections with only system-owned secrets
- core: fix optional waiting for networking at startup behavior (rh #710502)
- ifcfg-rh: fix possible crashes in error cases
- ifcfg-rh: fix various IPv4 and IPv6 handling issues
- applet: add notifications of GSM mobile broadband registration status
- editor: move secrets when making connections available to all users or
 private
- applet: don't show irrelevant options when asking for passwords
* Mon Jun 13 2011 Dan Williams <dcbw@redhat.com> - 0.8.9997-3.git20110613
- keyfile: better handling of missing certificates/private keys
- core: fix issues handling "always-ask" wired and WiFi 802.1x
 connections (rh #703785)
- core: fix automatic handling of hidden WiFi networks (rh #707406)
- editor: fix possible crash after reading network connections (rh #706906)
- editor: make Enter/Return key close WiFi password dialogs (rh #708666)
* Fri Jun  3 2011 Dan Williams <dcbw@redhat.com> - 0.8.9997-2.git20110531
- Bump for CVE-2011-1943 (no changes, only a rebuild)
* Tue May 31 2011 Dan Williams <dcbw@redhat.com> - 0.8.9997-1.git20110531
- editor: fix resizing of UI elements (rh #707269)
- core: retry wired connections when cable is replugged
- core: fix a few warnings and remove some left-over debugging code
* Thu May 26 2011 Dan Williams <dcbw@redhat.com> - 0.8.999-3.git20110526
- compat: fix activation/deactivation of VPN connections (rh #699786)
- core: fix autodetection of previously-used hidden wifi networks
- core: silence error if ConsoleKit database does not yet exist (rh #695617)
- core: fix Ad-Hoc frequency handling (rh #699203)
- core: fixes for migrated OpenConnect VPN plugin connections
- core: various fixes for VPN connection secrets handling
- core: send only short hostname to DHCP servers (rh #694758)
- core: better handling of PKCS#8 private keys
- core: fix dispatcher script interface name handling
- editor: fix potential crash when connection is invalid (rh #704848)
- editor: allow _ as a valid character for GSM APNs
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #737338 - CVE-2011-3364 NetworkManager: Console user can escalate
 to root via newlines in ifcfg-rh connection name
        https://bugzilla.redhat.com/show_bug.cgi?id=737338
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update NetworkManager' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung