
Security: Insufficient permission check in NetworkManager
Name: Insufficient permission check in NetworkManager
ID: FEDORA-2011-8612
Distribution: Fedora
Platforms: Fedora 14
Date: Fri, 12 August 2011, 20:52
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2176
Applications: NetworkManager

Original message

Name        : NetworkManager
Product     : Fedora 14
Version     : 0.8.4
Release     : 2.git20110622.fc14
URL         : http://www.gnome.org/projects/NetworkManager/
Summary     : Network connection manager and user applications
Description :
NetworkManager is a system network service that manages your network devices
and connections, attempting to keep active network connectivity when available.
It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and
provides VPN integration with a variety of different VPN services.

--------------------------------------------------------------------------------
Update Information:

This update fixes a security issue in the creation of shared WiFi networks,
tracked as #709662 - CVE-2011-2176.

Before this update, NetworkManager didn't respect the PolicyKit policies for
creating shared WiFi networks, that is, the actions
org.freedesktop.network-manager-settings.system.wifi.share.open and
org.freedesktop.network-manager-settings.system.wifi.share.protected
defined in the file
/usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy.
Thus, users could create shared WiFi networks even if this was disabled via the
PolicyKit setting.

This update fixes the issue. Be aware that the default policies still allow
creating shared WiFi networks. For the above PolicyKit actions, change
<allow_active>yes</allow_active> to <allow_active>auth_admin</allow_active>
if you require authorization with the root password, or to
<allow_active>no</allow_active> to disallow creating the networks altogether.

In addition, this update fixes other bugs by updating NetworkManager to a git
snapshot as of 2011-06-22.
- core: fix up checks for s390 CTC device type (bgo #649025)
- core: recognize platform 'gadget' devices
- core: only send hostname without domain as host-name option (rh #694758)
- core: clear 'invalid' connection tag when cable is re-plugged
- core: fix crash requesting system VPN secrets (bgo #651710)
- core: add MAC address blacklisting feature for WiFi and ethernet connections
- core: allow _ as a valid character for GSM APNs
- wifi: always fix up Ad-Hoc frequency when connecting (rh #699203)
- keyfile: better handle cert/key files that don't exist (bgo #649807)
- keyfile: ignore .pem and .der file changes
- editor: improve usability for entering manual IP addresses and routes (rh #698199) (bgo #607678)
- editor: don't crash in edit_done_cb() when connection is invalid (rh #704848)
- editor: don't allow inserting 0.0.0.0 as destination and netmask for IPv4 routes
- editor: allow _ as a valid character for GSM APNs
- applet: ensure entries activate default button if Enter is pressed (rh #622487)
- applet: add gsm registration status notification
- applet: filter APN entry characters in mobile-wizard
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 22 2011 Jiří Klimeš <jklimes@redhat.com> - 0.8.4-2.git20110622
- core: respect PolicyKit permissions for creating shared WiFi networks (rh #709662)
- core: fix up checks for s390 CTC device type (bgo #649025)
- core: recognize platform 'gadget' devices
- core: only send hostname without domain as host-name option (rh #694758)
- core: clear 'invalid' connection tag when cable is re-plugged
- core: fix crash requesting system VPN secrets (bgo #651710)
- core: add MAC address blacklisting feature for WiFi and ethernet connections
- core: allow _ as a valid character for GSM APNs
- wifi: always fix up Ad-Hoc frequency when connecting (rh #699203)
- keyfile: better handle cert/key files that don't exist (bgo #649807)
- keyfile: ignore .pem and .der file changes
- editor: improve usability for entering manual IP addresses and routes (rh #698199) (bgo #607678)
- editor: don't crash in edit_done_cb() when connection is invalid (rh #704848)
- editor: don't allow inserting 0.0.0.0 as destination and netmask for IPv4 routes
- editor: allow _ as a valid character for GSM APNs
- applet: ensure entries activate default button if Enter is pressed (rh #622487)
- applet: add gsm registration status notification
- applet: filter APN entry characters in mobile-wizard
* Wed Apr 20 2011 Dan Williams <dcbw@redhat.com> - 0.8.4-1
- Update to 0.8.4
- core: fix crash starting VPN connections
- core: write usable DNS configuration on shutdown when local caching nameserver is used
- ifcfg-rh: fix writing out wifi connections changed from WPA to open (rh #695604)
* Thu Apr 14 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.999-2.git20110414
- fix location of nm-version.h again
* Thu Apr 14 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.999-1.git20110414
- Update to 0.8.3.999 (0.8.4-rc2)
- core: ensure correct supplicant options are used for wired 802.1x
- core: fix handling of S390/Hercules CTC network interfaces (rh #641986)
- core: fix handling of infinite IPv6 RDNSS timeouts (rh #689291)
- core: fix handling of WWAN enable/disable states
- core: support Easytether interfaces for Android phones
- editor: fix crash when scrolling through connection lists (rh #688844)
- applet: fix crash after using the wifi or wired secrets dialogs (rh #688535)
- applet: fix handling of "always ask" passwords (rh #692519) (rh #692578)
- editor: ensure all pages are sensitive after retrieving secrets (rh #670217)
- ifcfg-rh: fix handling of s390 CTC devices and configuration (rh #641986)
- ifcfg-rh: harmonize handling if IPADDR/PREFIX/NETMASK with initscripts (rh #658907)
* Thu Mar 24 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.998-2
- nm-version.h should be in NetworkManager-devel, not -glib-devel (rh #685442)
* Fri Mar 18 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.998-1
- Update to 0.8.3.998 (0.8.4-rc1)
- applet: don't overwrite already migrated certificate paths (rh #682288)
- core: fix some mistakenly invisible libnm-glib symbols
* Thu Mar 3 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.997-1
- Update to 0.8.3.997 (0.8.4-beta3)
- editor: fix crash requesting VPN secrets (rh #680707)
- core: keep connection timestamps in lookaside file, not in /etc
* Fri Feb 25 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.996-1
- Update to 0.8.3.996 (0.8.4-beta2)
- core: fix secrets handling (rh #680385)
* Thu Feb 24 2011 Dan Williams <dcbw@redhat.com> - 0.8.3.995-1
- Update to 0.8.3.995 (0.8.4-beta1)
- core: send hostname to DHCP server by default (rh #488975)
- core: fix updating resolv.conf (rh #672282)
- core: ensure devices are cleaned up when removed
- core: handle reverse DNS in local caching nameserver configurations
- core: IPv6 addressing, routing, and compliance fixes
- core: stop touching /etc/hosts (rh #648725)
- core: fix shutdown crashes (rh #676316)
- core: suppress messages about missing user settings service (rh #655322)
- core: seamless support for RFC3442 classless static routes (rh #639935)
- wifi: fix validity checks for Ad-Hoc APs (rh #632123)
- modem: fixes for T-Mobile Rocket 2.0 modems
- keyfile: ignore MAC address case for unmanaged-devices (rh #654714)
- ifcfg-rh: fix crash when writing connections with missing IPv4 settings (rh #655002)
- ifcfg-rh: allow missing or 0.0.0.0 GATEWAYx keys (rh #647992)
- ifcfg-rh: respect GATEWAYDEV for ibft/iSCSI configurations (rh #665027)
- ifcfg-rh: read/write IPv6 gateway correctly (rh #604334, rh #666078)
- ifcfg-rh: fix missing connections when an unmanaged interface is present
- applet: fix crashes related to missing icons (rh #657352)
- applet: show IPv6 details in Connection Information dialog (rh #591929)
* Wed Nov 3 2010 Dan Williams <dcbw@redhat.com> - 0.8.2-1
- Update to 0.8.2
* Mon Nov 1 2010 Dan Williams <dcbw@redhat.com> - 0.8.1-10
- core: preserve WiFi Enabled state across reboot and suspend/resume
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #709662 - CVE-2011-2176 NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
      https://bugzilla.redhat.com/show_bug.cgi?id=709662
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update NetworkManager' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce