NetworkManager security update

2009-03-26T18:13:41
ID CESA-2009:0362
Type centos
Reporter CentOS Project
Modified 2009-05-22T23:01:52

Description

CentOS Errata and Security Advisory CESA-2009:0362

NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.

An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365)

Red Hat would like to thank Ludwig Nussel for responsibly reporting this flaw.

NetworkManager users should upgrade to these updated packages, which contain a backported patch that corrects this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2009-March/015699.html http://lists.centos.org/pipermail/centos-announce/2009-May/015904.html http://lists.centos.org/pipermail/centos-announce/2009-May/015905.html

Affected packages: NetworkManager NetworkManager-gnome

Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-0362.html