NetworkManager security update

2009-04-0909:10:05

CentOS Project

lists.centos.org

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

CentOS Errata and Security Advisory CESA-2009:0361

NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

An information disclosure flaw was found in NetworkManager’s D-Bus
interface. A local attacker could leverage this flaw to discover sensitive
information, such as network connection passwords and pre-shared keys.
(CVE-2009-0365)

A potential denial of service flaw was found in NetworkManager’s D-Bus
interface. A local user could leverage this flaw to modify local connection
settings, preventing the system’s network connection from functioning
properly. (CVE-2009-0578)

Red Hat would like to thank Ludwig Nussel for reporting these flaws
responsibly.

Users of NetworkManager should upgrade to these updated packages which
contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-April/077904.html
https://lists.centos.org/pipermail/centos-announce/2009-April/077905.html

Affected packages:
NetworkManager
NetworkManager-devel
NetworkManager-glib
NetworkManager-glib-devel
NetworkManager-gnome

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0361

OSVersionArchitecturePackageVersionFilename
CentOS5i386networkmanager< 0.7.0-4.el5_3NetworkManager-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-devel< 0.7.0-4.el5_3NetworkManager-devel-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-glib< 0.7.0-4.el5_3NetworkManager-glib-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-glib-devel< 0.7.0-4.el5_3NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-gnome< 0.7.0-4.el5_3NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager< 0.7.0-4.el5_3NetworkManager-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-devel< 0.7.0-4.el5_3NetworkManager-devel-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-glib< 0.7.0-4.el5_3NetworkManager-glib-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-glib-devel< 0.7.0-4.el5_3NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm
CentOS5i386networkmanager-gnome< 0.7.0-4.el5_3NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i386	networkmanager	< 0.7.0-4.el5_3	NetworkManager-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-devel	< 0.7.0-4.el5_3	NetworkManager-devel-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-glib	< 0.7.0-4.el5_3	NetworkManager-glib-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-glib-devel	< 0.7.0-4.el5_3	NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-gnome	< 0.7.0-4.el5_3	NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager	< 0.7.0-4.el5_3	NetworkManager-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-devel	< 0.7.0-4.el5_3	NetworkManager-devel-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-glib	< 0.7.0-4.el5_3	NetworkManager-glib-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-glib-devel	< 0.7.0-4.el5_3	NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm
CentOS	5	i386	networkmanager-gnome	< 0.7.0-4.el5_3	NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm