ID FEDORA_2015-7767.NASL Type nessus Reporter Tenable Modified 2015-10-19T00:00:00
Description
This is an update of NetworkManager, the VPN plugins, applet and connection editor to 1.0.2 stable release.
The update includes bug fixes, feature additions, translation updates and a fix for the CVE-2015-2924 denial of service security issue with low impact.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-7767.
#
include("compat.inc");
if (description)
{
script_id(83338);
script_version("$Revision: 2.2 $");
script_cvs_date("$Date: 2015/10/19 23:14:53 $");
script_cve_id("CVE-2015-2924");
script_xref(name:"FEDORA", value:"2015-7767");
script_name(english:"Fedora 22 : NetworkManager-1.0.2-1.fc22 / NetworkManager-openconnect-1.0.2-1.fc22 / etc (2015-7767)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This is an update of NetworkManager, the VPN plugins, applet and
connection editor to 1.0.2 stable release.
The update includes bug fixes, feature additions, translation updates
and a fix for the CVE-2015-2924 denial of service security issue with
low impact.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1209902"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157798.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?21475616"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157799.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2d79896f"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157800.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?bef831cf"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157801.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?963d91ca"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157802.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2faa90e2"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?75df4d83"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:NetworkManager");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:NetworkManager-openconnect");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:NetworkManager-openswan");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:NetworkManager-openvpn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:NetworkManager-vpnc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:network-manager-applet");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
script_set_attribute(attribute:"patch_publication_date", value:"2015/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC22", reference:"NetworkManager-1.0.2-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"NetworkManager-openconnect-1.0.2-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"NetworkManager-openswan-1.0.2-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"NetworkManager-openvpn-1.0.2-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"NetworkManager-vpnc-1.0.2-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"network-manager-applet-1.0.2-1.fc22")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "NetworkManager / NetworkManager-openconnect / etc");
}
{"id": "FEDORA_2015-7767.NASL", "bulletinFamily": "scanner", "title": "Fedora 22 : NetworkManager-1.0.2-1.fc22 / NetworkManager-openconnect-1.0.2-1.fc22 / etc (2015-7767)", "description": "This is an update of NetworkManager, the VPN plugins, applet and connection editor to 1.0.2 stable release.\n\nThe update includes bug fixes, feature additions, translation updates and a fix for the CVE-2015-2924 denial of service security issue with low impact.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-05-12T00:00:00", "modified": "2015-10-19T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83338", "reporter": "Tenable", "references": ["http://www.nessus.org/u?bef831cf", "https://bugzilla.redhat.com/show_bug.cgi?id=1209902", "http://www.nessus.org/u?21475616", "http://www.nessus.org/u?963d91ca", "http://www.nessus.org/u?75df4d83", "http://www.nessus.org/u?2faa90e2", "http://www.nessus.org/u?2d79896f"], "cvelist": ["CVE-2015-2924"], "type": "nessus", "lastseen": "2017-10-29T13:43:50", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2015-2924"], "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This is an update of NetworkManager, the VPN plugins, applet and connection editor to 1.0.2 stable release.\n\nThe update includes bug fixes, feature additions, translation updates and a fix for the CVE-2015-2924 denial of service security issue with low impact.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "c45059dea2cf30d83e9e0de99b53a388bb642ea269eecaaaeec49a4edf423c1f", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a3edbc17a2b32df65d173fe7f30401fa", "key": "href"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "published"}, {"hash": "b2e9ff2e1bd84d685dda36715e059597", "key": "cvss"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "04071206b4e5aa6fe6bcdc1c1130dc5e", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "492fef1c46c25312a9b725961aae50f2", "key": "title"}, {"hash": "dfa33f446e613fb203d83371100d2176", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "3420154de546c3d783ddaf6675e1e54e", "key": "cvelist"}, {"hash": "5e5411f8f92041543523ca0221c56045", "key": "sourceData"}, {"hash": "db81b7589bc5d35e16f1d0184ecfbab8", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=83338", "id": "FEDORA_2015-7767.NASL", "lastseen": "2016-09-26T17:26:10", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "83338", "published": "2015-05-12T00:00:00", "references": ["http://www.nessus.org/u?bef831cf", "https://bugzilla.redhat.com/show_bug.cgi?id=1209902", "http://www.nessus.org/u?21475616", "http://www.nessus.org/u?963d91ca", "http://www.nessus.org/u?75df4d83", "http://www.nessus.org/u?2faa90e2", "http://www.nessus.org/u?2d79896f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7767.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83338);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:53 $\");\n\n script_cve_id(\"CVE-2015-2924\");\n script_xref(name:\"FEDORA\", value:\"2015-7767\");\n\n script_name(english:\"Fedora 22 : NetworkManager-1.0.2-1.fc22 / NetworkManager-openconnect-1.0.2-1.fc22 / etc (2015-7767)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update of NetworkManager, the VPN plugins, applet and\nconnection editor to 1.0.2 stable release.\n\nThe update includes bug fixes, feature additions, translation updates\nand a fix for the CVE-2015-2924 denial of service security issue with\nlow impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1209902\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157798.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21475616\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157799.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d79896f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157800.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bef831cf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?963d91ca\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2faa90e2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75df4d83\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-openconnect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-openswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-vpnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:network-manager-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-openconnect-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-openswan-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-openvpn-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-vpnc-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"network-manager-applet-1.0.2-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-openconnect / etc\");\n}\n", "title": "Fedora 22 : NetworkManager-1.0.2-1.fc22 / NetworkManager-openconnect-1.0.2-1.fc22 / etc (2015-7767)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:10"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b30794d9e43f4612af5d3985f2224a18"}, {"key": "cvelist", "hash": "3420154de546c3d783ddaf6675e1e54e"}, {"key": "cvss", "hash": "b2e9ff2e1bd84d685dda36715e059597"}, {"key": "description", "hash": "db81b7589bc5d35e16f1d0184ecfbab8"}, {"key": "href", "hash": "a3edbc17a2b32df65d173fe7f30401fa"}, {"key": "modified", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "dfa33f446e613fb203d83371100d2176"}, {"key": "published", "hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269"}, {"key": "references", "hash": "04071206b4e5aa6fe6bcdc1c1130dc5e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "5e5411f8f92041543523ca0221c56045"}, {"key": "title", "hash": "492fef1c46c25312a9b725961aae50f2"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "307009f64fa9bd5bbc43cf0e06d253719d3a59280d47c08637dfc5525701b1a9", "viewCount": 2, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7767.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83338);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:53 $\");\n\n script_cve_id(\"CVE-2015-2924\");\n script_xref(name:\"FEDORA\", value:\"2015-7767\");\n\n script_name(english:\"Fedora 22 : NetworkManager-1.0.2-1.fc22 / NetworkManager-openconnect-1.0.2-1.fc22 / etc (2015-7767)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update of NetworkManager, the VPN plugins, applet and\nconnection editor to 1.0.2 stable release.\n\nThe update includes bug fixes, feature additions, translation updates\nand a fix for the CVE-2015-2924 denial of service security issue with\nlow impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1209902\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157798.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21475616\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157799.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d79896f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157800.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bef831cf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?963d91ca\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2faa90e2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75df4d83\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-openconnect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-openswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-openvpn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:NetworkManager-vpnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:network-manager-applet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-openconnect-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-openswan-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-openvpn-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"NetworkManager-vpnc-1.0.2-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"network-manager-applet-1.0.2-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-openconnect / etc\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "83338", "cpe": ["p-cpe:/a:fedoraproject:fedora:NetworkManager-openconnect", "p-cpe:/a:fedoraproject:fedora:NetworkManager-vpnc", "p-cpe:/a:fedoraproject:fedora:NetworkManager-openvpn", "p-cpe:/a:fedoraproject:fedora:NetworkManager-openswan", "cpe:/o:fedoraproject:fedora:22", "p-cpe:/a:fedoraproject:fedora:network-manager-applet", "p-cpe:/a:fedoraproject:fedora:NetworkManager"]}
{"result": {"cve": [{"id": "CVE-2015-2924", "type": "cve", "title": "CVE-2015-2924", "description": "The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.", "published": "2015-11-16T16:59:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2924", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-04-18T15:56:37"}], "openvas": [{"id": "OPENVAS:1361412562310869671", "type": "openvas", "title": "Fedora Update for NetworkManager FEDORA-2015-7767", "description": "Check the version of NetworkManager", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869671", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:52:20"}, {"id": "OPENVAS:1361412562310869649", "type": "openvas", "title": "Fedora Update for NetworkManager-openconnect FEDORA-2015-7767", "description": "Check the version of NetworkManager-openconnect", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869649", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:52:29"}, {"id": "OPENVAS:1361412562310869510", "type": "openvas", "title": "Fedora Update for NetworkManager-openswan FEDORA-2015-7767", "description": "Check the version of NetworkManager-openswan", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869510", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:53:33"}, {"id": "OPENVAS:1361412562310869420", "type": "openvas", "title": "Fedora Update for NetworkManager FEDORA-2015-7623", "description": "Check the version of NetworkManager", "published": "2015-06-09T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869420", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:53:32"}, {"id": "OPENVAS:1361412562310121411", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201509-05", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201509-05", "published": "2015-09-29T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121411", "cvelist": ["CVE-2015-2924"], "lastseen": "2018-04-09T11:29:25"}, {"id": "OPENVAS:1361412562310869555", "type": "openvas", "title": "Fedora Update for NetworkManager-vpnc FEDORA-2015-7767", "description": "Check the version of NetworkManager-vpnc", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869555", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:53:05"}, {"id": "OPENVAS:1361412562310869533", "type": "openvas", "title": "Fedora Update for network-manager-applet FEDORA-2015-7767", "description": "Check the version of network-manager-applet", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869533", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:53:31"}, {"id": "OPENVAS:1361412562310869677", "type": "openvas", "title": "Fedora Update for NetworkManager-openvpn FEDORA-2015-7767", "description": "Check the version of NetworkManager-openvpn", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869677", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-07-25T10:53:07"}, {"id": "OPENVAS:1361412562310122782", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2315", "description": "Oracle Linux Local Security Checks ELSA-2015-2315", "published": "2015-11-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122782", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-07-24T12:53:21"}, {"id": "OPENVAS:1361412562310871481", "type": "openvas", "title": "RedHat Update for NetworkManager RHSA-2015:2315-01", "description": "Check the version of NetworkManager", "published": "2015-11-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871481", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-07-27T10:53:35"}], "nessus": [{"id": "GENTOO_GLSA-201509-05.NASL", "type": "nessus", "title": "GLSA-201509-05 : NetworkManager: Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-201509-05 (NetworkManager: Denial of Service)\n\n IPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6 routes in NetworkManager.\n Impact :\n\n A remote attacker on the same network segment could cause a Denial of Service condition in NetworkManager Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-25T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86136", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-10-29T13:42:05"}, {"id": "FEDORA_2015-7623.NASL", "type": "nessus", "title": "Fedora 21 : NetworkManager-0.9.10.2-5.fc21 (2015-7623)", "description": "This update for NetworkManager fixes a number of bugs and a low-impact security issue for IPv6.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-05-18T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83504", "cvelist": ["CVE-2015-2924"], "lastseen": "2017-10-29T13:35:35"}, {"id": "CENTOS_RHSA-2015-2315.NASL", "type": "nessus", "title": "CentOS 7 : ModemManager / NetworkManager / NetworkManager-libreswan / network-manager-applet (CESA-2015:2315)", "description": "Updated NetworkManager packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nNetworkManager is a system network service that manages network devices and connections.\n\nIt was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. (CVE-2015-0272)\n\nA flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. (CVE-2015-2924)\n\nThe network-manager-applet and NetworkManager-libreswan packages have been upgraded to upstream versions 1.0.6, and provide a number of bug fixes and enhancements over the previous versions. (BZ#1177582, BZ#1243057)\n\nBugs :\n\n* It was not previously possible to set the Wi-Fi band to the 'a' or 'bg' values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's 'freq_list' option correctly, which enables proper Wi-Fi band locking. (BZ#1254461)\n\n* NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process. The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail. (BZ#1079353)\n\n* NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated.\nNow, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation. (BZ#1145988)\n\n* NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients. (BZ#1212597)\n\n* The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer appears. (BZ#1244048)\n\n* NetworkManager did not propagate a media access control (MAC) address change from a bonding interface to a VLAN interface on top of it. Consequently, a VLAN interface on top of a bond used an incorrect MAC address. Now, NetworkManager synchronizes the addresses correctly.\n(BZ#1264322)\n\nEnhancements :\n\n* IPv6 Privacy extensions are now enabled by default. NetworkManager checks the per-network configuration files, NetworkManager.conf, and then falls back to '/proc/sys/net/ipv6/conf/default/use_tempaddr' to determine and set IPv6 privacy settings at device activation.\n(BZ#1187525)\n\n* The NetworkManager command-line tool, nmcli, now allows setting the wake-on-lan property to 0 ('none', 'disable', 'disabled').\n(BZ#1260584)\n\n* NetworkManager now provides information about metered connections.\n(BZ#1200452)\n\n* NetworkManager daemon and the connection editor now support setting the Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU of a bond interface in a GUI. (BZ#1177582, BZ#1177860)\n\n* NetworkManager daemon and the connection editor now support setting the MTU of a team, allowing to change MTU of a teaming interface.\n(BZ#1255927)\n\nNetworkManager users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "published": "2015-12-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87149", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-10-29T13:40:53"}, {"id": "ORACLELINUX_ELSA-2015-2315.NASL", "type": "nessus", "title": "Oracle Linux 7 : NetworkManager (ELSA-2015-2315)", "description": "From Red Hat Security Advisory 2015:2315 :\n\nUpdated NetworkManager packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nNetworkManager is a system network service that manages network devices and connections.\n\nIt was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. (CVE-2015-0272)\n\nA flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. (CVE-2015-2924)\n\nThe network-manager-applet and NetworkManager-libreswan packages have been upgraded to upstream versions 1.0.6, and provide a number of bug fixes and enhancements over the previous versions. (BZ#1177582, BZ#1243057)\n\nBugs :\n\n* It was not previously possible to set the Wi-Fi band to the 'a' or 'bg' values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's 'freq_list' option correctly, which enables proper Wi-Fi band locking. (BZ#1254461)\n\n* NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process. The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail. (BZ#1079353)\n\n* NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated.\nNow, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation. (BZ#1145988)\n\n* NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients. (BZ#1212597)\n\n* The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer appears. (BZ#1244048)\n\n* NetworkManager did not propagate a media access control (MAC) address change from a bonding interface to a VLAN interface on top of it. Consequently, a VLAN interface on top of a bond used an incorrect MAC address. Now, NetworkManager synchronizes the addresses correctly.\n(BZ#1264322)\n\nEnhancements :\n\n* IPv6 Privacy extensions are now enabled by default. NetworkManager checks the per-network configuration files, NetworkManager.conf, and then falls back to '/proc/sys/net/ipv6/conf/default/use_tempaddr' to determine and set IPv6 privacy settings at device activation.\n(BZ#1187525)\n\n* The NetworkManager command-line tool, nmcli, now allows setting the wake-on-lan property to 0 ('none', 'disable', 'disabled').\n(BZ#1260584)\n\n* NetworkManager now provides information about metered connections.\n(BZ#1200452)\n\n* NetworkManager daemon and the connection editor now support setting the Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU of a bond interface in a GUI. (BZ#1177582, BZ#1177860)\n\n* NetworkManager daemon and the connection editor now support setting the MTU of a team, allowing to change MTU of a teaming interface.\n(BZ#1255927)\n\nNetworkManager users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "published": "2015-11-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87094", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-10-29T13:44:59"}, {"id": "SL_20151119_NETWORKMANAGER_ON_SL7_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : NetworkManager on SL7.x x86_64", "description": "It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. (CVE-2015-0272)\n\nA flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. (CVE-2015-2924)\n\nThe network-manager-applet and NetworkManager-libreswan packages have been upgraded to upstream versions 1.0.6, and provide a number of bug fixes and enhancements over the previous versions.\n\nBugs :\n\n - It was not previously possible to set the Wi-Fi band to the 'a' or 'bg' values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's 'freq_list' option correctly, which enables proper Wi-Fi band locking.\n\n - NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process.\n The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail.\n\n - NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated. Now, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation.\n\n - NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients.\n\n - The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer appears.\n\n - NetworkManager did not propagate a media access control (MAC) address change from a bonding interface to a VLAN interface on top of it. Consequently, a VLAN interface on top of a bond used an incorrect MAC address. Now, NetworkManager synchronizes the addresses correctly.\n\nEnhancements :\n\n - IPv6 Privacy extensions are now enabled by default.\n NetworkManager checks the per-network configuration files, NetworkManager.conf, and then falls back to '/proc/sys/net/ipv6/conf/default/use_tempaddr' to determine and set IPv6 privacy settings at device activation.\n\n - The NetworkManager command-line tool, nmcli, now allows setting the wake-on-lan property to 0 ('none', 'disable', 'disabled').\n\n - NetworkManager now provides information about metered connections.\n\n - NetworkManager daemon and the connection editor now support setting the Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU of a bond interface in a GUI.\n\n - NetworkManager daemon and the connection editor now support setting the MTU of a team, allowing to change MTU of a teaming interface.", "published": "2015-12-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87548", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-10-29T13:38:20"}, {"id": "REDHAT-RHSA-2015-2315.NASL", "type": "nessus", "title": "RHEL 7 : NetworkManager (RHSA-2015:2315)", "description": "Updated NetworkManager packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nNetworkManager is a system network service that manages network devices and connections.\n\nIt was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. (CVE-2015-0272)\n\nA flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. (CVE-2015-2924)\n\nThe network-manager-applet and NetworkManager-libreswan packages have been upgraded to upstream versions 1.0.6, and provide a number of bug fixes and enhancements over the previous versions. (BZ#1177582, BZ#1243057)\n\nBugs :\n\n* It was not previously possible to set the Wi-Fi band to the 'a' or 'bg' values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's 'freq_list' option correctly, which enables proper Wi-Fi band locking. (BZ#1254461)\n\n* NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process. The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail. (BZ#1079353)\n\n* NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated.\nNow, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation. (BZ#1145988)\n\n* NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients. (BZ#1212597)\n\n* The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer appears. (BZ#1244048)\n\n* NetworkManager did not propagate a media access control (MAC) address change from a bonding interface to a VLAN interface on top of it. Consequently, a VLAN interface on top of a bond used an incorrect MAC address. Now, NetworkManager synchronizes the addresses correctly.\n(BZ#1264322)\n\nEnhancements :\n\n* IPv6 Privacy extensions are now enabled by default. NetworkManager checks the per-network configuration files, NetworkManager.conf, and then falls back to '/proc/sys/net/ipv6/conf/default/use_tempaddr' to determine and set IPv6 privacy settings at device activation.\n(BZ#1187525)\n\n* The NetworkManager command-line tool, nmcli, now allows setting the wake-on-lan property to 0 ('none', 'disable', 'disabled').\n(BZ#1260584)\n\n* NetworkManager now provides information about metered connections.\n(BZ#1200452)\n\n* NetworkManager daemon and the connection editor now support setting the Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU of a bond interface in a GUI. (BZ#1177582, BZ#1177860)\n\n* NetworkManager daemon and the connection editor now support setting the MTU of a team, allowing to change MTU of a teaming interface.\n(BZ#1255927)\n\nNetworkManager users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "published": "2015-11-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86981", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-10-29T13:33:26"}], "gentoo": [{"id": "GLSA-201509-05", "type": "gentoo", "title": "NetworkManager: Denial of Service", "description": "### Background\n\nNetworkManager is an universal network configuration daemon for laptops, desktops, servers and virtualization hosts. \n\n### Description\n\nIPv6 Neighbour Discovery ICMP broadcast containing a non-route with a low hop limit causes a Denial of Service by lowering the hop limit on existing IPv6 routes in NetworkManager. \n\n### Impact\n\nA remote attacker on the same network segment could cause a Denial of Service condition in NetworkManager \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NetworkManager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/networkmanager-1.0.2\"", "published": "2015-09-24T00:00:00", "cvss": {"score": 3.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201509-05", "cvelist": ["CVE-2015-2924"], "lastseen": "2016-09-06T19:46:27"}], "redhat": [{"id": "RHSA-2015:2315", "type": "redhat", "title": "(RHSA-2015:2315) Moderate: NetworkManager security, bug fix, and enhancement update", "description": "NetworkManager is a system network service that manages network devices\nand connections.\n\nIt was discovered that NetworkManager would set device MTUs based on MTU\nvalues received in IPv6 RAs (Router Advertisements), without sanity\nchecking the MTU value first. A remote attacker could exploit this flaw to\ncreate a denial of service attack, by sending a specially crafted IPv6 RA\npacket to disturb IPv6 communication. (CVE-2015-0272)\n\nA flaw was found in the way NetworkManager handled router advertisements.\nAn unprivileged user on a local network could use IPv6 Neighbor Discovery\nICMP to broadcast a non-route with a low hop limit, causing machines to\nlower the hop limit on existing IPv6 routes. If this limit is small enough,\nIPv6 packets would be dropped before reaching the final destination.\n(CVE-2015-2924)\n\nThe network-manager-applet and NetworkManager-libreswan packages have been\nupgraded to upstream versions 1.0.6, and provide a number of bug fixes and\nenhancements over the previous versions. (BZ#1177582, BZ#1243057)\n\nBugs:\n\n* It was not previously possible to set the Wi-Fi band to the \"a\" or \"bg\"\nvalues to lock to a specific frequency band. NetworkManager has been fixed,\nand it now sets the wpa_supplicant's \"freq_list\" option correctly, which\nenables proper Wi-Fi band locking. (BZ#1254461)\n\n* NetworkManager immediately failed activation of devices that did not have\na carrier early in the boot process. The legacy network.service then\nreported activation failure. Now, NetworkManager has a grace period during\nwhich it waits for the carrier to appear. Devices that have a carrier down\nfor a short time on system startup no longer cause the legacy\nnetwork.service to fail. (BZ#1079353)\n\n* NetworkManager brought down a team device if the teamd service managing\nit exited unexpectedly, and the team device was deactivated. Now,\nNetworkManager respawns the teamd instances that disappear and is able to\nrecover from a teamd failure avoiding disruption of the team device\noperation. (BZ#1145988)\n\n* NetworkManager did not send the FQDN DHCP option even if host name was\nset to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the\nDNS records for clients running NetworkManager. Now, NetworkManager sends\nthe FQDN option with DHCP requests, and the DHCP server is able to create\nDNS records for such clients. (BZ#1212597)\n\n* The command-line client was not validating the vlan.flags property\ncorrectly, and a spurious warning message was displayed when the nmcli tool\nworked with VLAN connections. The validation routine has been fixed, and\nthe warning message no longer appears. (BZ#1244048)\n\n* NetworkManager did not propagate a media access control (MAC) address\nchange from a bonding interface to a VLAN interface on top of it.\nConsequently, a VLAN interface on top of a bond used an incorrect MAC\naddress. Now, NetworkManager synchronizes the addresses correctly.\n(BZ#1264322)\n\nEnhancements:\n\n* IPv6 Privacy extensions are now enabled by default. NetworkManager checks\nthe per-network configuration files, NetworkManager.conf, and then falls\nback to \"/proc/sys/net/ipv6/conf/default/use_tempaddr\" to determine and set\nIPv6 privacy settings at device activation. (BZ#1187525)\n\n* The NetworkManager command-line tool, nmcli, now allows setting the\nwake-on-lan property to 0 (\"none\", \"disable\", \"disabled\"). (BZ#1260584)\n\n* NetworkManager now provides information about metered connections.\n(BZ#1200452)\n\n* NetworkManager daemon and the connection editor now support setting the\nMaximum Transmission Unit (MTU) of a bond. It is now possible to change MTU\nof a bond interface in a GUI. (BZ#1177582, BZ#1177860)\n\n* NetworkManager daemon and the connection editor now support setting the\nMTU of a team, allowing to change MTU of a teaming interface. (BZ#1255927)\n\nNetworkManager users are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.", "published": "2015-11-19T18:34:47", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2315", "cvelist": ["CVE-2015-0272", "CVE-2015-2924"], "lastseen": "2018-04-15T14:24:50"}], "oraclelinux": [{"id": "ELSA-2015-2315", "type": "oraclelinux", "title": "NetworkManager security, bug fix, and enhancement update", "description": "ModemManager\n[1.1.0-8.git20130913]\n- rfcomm: don't open the ttys until NetworkManager connects them (rh #1251954)\n[1.1.0-7.git20130913]\n- iface-modem: fix MODEM_STATE_IS_INTERMEDIATE macro (rh #1200958)\nNetworkManager\n[1.0.6-27.0.1]\n- fix build error on i386\n[1:1.0.6-27]\n* build: update vala-tools build requirement (rh #1274000)\n[1:1.0.6-26]\n- wifi: emit NEW_BSS on ScanDone to update APs in Wi-Fi device (rh #1267327)\n[1:1.0.6-25]\n- vpn: cancel the secrets request on agent timeout (rh #1272023)\n- vpn: cancel the connect timer when vpn reconnects (rh #1272023)\n[1:1.0.6-24]\n- device: fix problem in not managing software devices (rh #1273879)\n[1:1.0.6-23]\n- wake-on-lan: ignore by default existing settings (rh #1270194)\n[1:1.0.6-22]\n- platform: fix detection of s390 CTC device (rh #1272974)\n- core: fix queuing activation while waiting for carrier (rh #1079353)\n[1:1.0.6-21]\n- core: fix invalid assertion in nm_clear_g_signal_handler() (rh #1183444)\n[1:1.0.6-20]\n- rebuild package\n[1:1.0.6-19]\n- device: fix race wrongly managing external-down device (2) (rh #1269199)\n[1:1.0.6-18]\n- device/vlan: update VLAN MAC address when parent's one changes\n[1:1.0.6-17]\n- dhcp6: destroy the lease when destroying a client (rh #1260727)\n- device: fix race wrongly managing external-down device (rh #1269199)\n[1:1.0.6-16]\n- device: silence spurious errors about activation schedule (rh #1269520)\n[1:1.0.6-15]\n- core: really fix enslaving team device to bridge (rh #1183444)\n[1:1.0.6-14]\n- platform: updating link cache when moving link to other netns (rh #1264361)\n- nmtui: fix possible crash during secret request (rh #1267672)\n- vpn: increase the plugin inactivity quit timer (rh #1268030)\n- core: fix enslaving team device to bridge (rh #1183444)\n[1:1.0.6-13]\n- vpn-connection: set the MTU for the VPN IP interface (rh #1267004)\n- modem-broadband: update modem's supported-ip-families (rh #1263959)\n- wifi: fix a crash in on_bss_proxy_acquired() (rh #1267462)\n[1:1.0.6-12]\n- core: increase IPv6LL DAD timeout to 15 seconds (rh #1101809)\n[1:1.0.6-11]\n- platform: better handle devices without permanent address (rh #1264024)\n[1:1.0.6-10]\n- dhcp: fix crash in internal DHCP client (rh #1260727)\n[1:1.0.6-9]\n- build: fix installing language files (rh #1265117)\n[1:1.0.6-8]\n- nmcli: allow creating ADSL connections with 'nmcli connection add' (rh #1264089)\n[1:1.0.6-7]\n- ifcfg-rh: ignore GATEWAY from network file for DHCP connections (rh #1262972)\n[1:1.0.6-6]\n- device: retry DHCP after timeout/expiration for assumed connections (rh #1246496)\n- device: retry creation of default connection after link is initialized (rh #1254089)\n[1:1.0.6-5]\n- config: add code comments to NetworkManager.conf file\n- iface-helper: enabled slaac/dhcp4 based on connection setting only (rh #1260243)\n- utils: avoid generation of duplicated assumed connection for veth devices (rh #1256430)\n- nmcli: improve handling of wake-on-lan property (rh #1260584)\n[1:1.0.6-4]\n- config: fix config-changed signal for s390x and ppc64 archs (rh #1062301)\n- device: fix handling ignore-auto-dns for IPv6 nameservers (rh #1261428)\n[1:1.0.6-3]\n- vpn: fix the tunelled VPN setup (rh #1238840)\n[1:1.0.6-2]\n- nmcli: fix argument parsing for config subcommand\n[1:1.0.6-1]\n- Align with the upstream 1.0.6 release:\n- device: add support for configuring Wake-On-Lan (rh #1141417)\n- device: don't disconnect after DHCP failure when there's static addresses (rh #1168388)\n- device: provide information about metered connections (rh #1200452)\n- device: fix an assert fail when cleaning up a slave connection (rh #1243371)\n- team: add support for setting MTU (rh #1255927)\n- config: avoid premature exit with configure-and-quit option (rh #1256772)\n[1:1.0.4-10]\n- supplicant: fix passing freq_list option to wpa_supplicant (rh #1254461)\n[1:1.0.4-9]\n- udev: fix call to ethtool in udev rules (rh #1247156)\n[1:1.0.4-8]\n- device: accept multiple addresses in a DHCPv6 lease (rh #1244293)\n[1:1.0.4-7]\n- device: fix a crash when unconfiguring a device (rh #1253744)\n[1:1.0.4-6]\n- ifcfg-rh: respect DEVTIMEOUT if link is not announced by udev yet (rh #1192633)\n[1:1.0.4-5]\n- core: avoid ethtool to autoload kernel module (rh #1247156)\n[1:1.0.4-4]\n- device: fix setting of a MTU (rh #1250019)\n[1:1.0.4-3]\n- daemon,libnm: fix handling of default routes for assumed connections (rh #1245648)\n[1:1.0.4-2]\n- cli: fix verifying flag-based properties (rh #1244048)\n[1:1.0.4-1]\n- Align with the upstream 1.0.4 release\n- Fix the libreswan plugin (rh #1238840)\n[1:1.0.4-0.2.git20150713.38bf2cb0]\n- vpn: send firewall zone to firewalld also for VPN connections (rh #1238124)\n[1:1.0.4-0.1.git20150713.38bf2cb0]\n- Update to a bit newer 1.0.4 git snapshot, to fix test failures\n- device: restart ping process when it exits with an error (rh #1128581)\n[1:1.0.3-2.git20150624.f245b49a]\n- config: allow rewriting resolv.conf on SIGUSR1 (rh #1062301)\n[1:1.0.3-1.git20150624.f245b49a]\n- Update to a bit newer 1.0.4 git snapshot, to fix test failures\n[1:1.0.3-1.git20150622.9c83d18d]\n- Update to a 1.0.4 git snapshot:\n- bond: add support for setting a MTU (rh #1177860)\n- core: delay initialization of the connection for devices without carrier at startup (rh #1079353)\n- route-manager: ensure the routes are set up properly with multiple interface in the same subnet (rh #1164441)\n- config: add support for reloading configuration (rh #1062301)\n- device: disallow ipv6.method=shared connections early during activation (rh #1183015)\n- device: don't save the newly added connection for a device until activation succeeds (rh #1174164)\n- rdisc: prevent solicitation loop for expiring DNS information (rh #1207730)\n- wifi: Indicate support of wireless radio bands (rh #1200451)\n- nmcli: Fix client hang upon multiple deletion attempts of the same connection (rh #1168657)\n- nmcli: Fix documentation for specifying a certificate path (rh #1182575)\n- device: add support for auto-connecting slave connection when activating a master (rh #1158529)\n- nmtui: Fix a crash when attempting an activation with no connection present (rh #1197203)\n- nmcli: Add auto-completion and hints for valid values in enumeration properties (rh #1034126)\n- core: load the the libnl library from the correct location (rh #1211859)\n- config: avoid duplicate connection UUIDs (rh #1171751)\n- device: enable IPv6 privacy extensions by default (rh #1187525)\n- device: fix handling if DHCP hostname for configure-and-quit (rh #1201497)\n- manager: reuse the device connection is active on when reactivating it (rh #1182085)\n- device: reject incorrect MTU settings from an IPv6 RA (rh #1194007)\n- default-route: allow preventing the connection to override externally configured default route (rh #1205405)\n- manager: reduce logging for interface activation (rh #1212196)\n- device: don't assume a connection for interfaces that only have an IPv6 link-local address (rh #1138426)\n- device: reject hop limits that are too low (CVE-2015-2924) (rh #1217090)\n[1:1.0.0-17.git20150121.b4ea599c]\n- dhclient: use fqdn.fqdn for server DDNS updates (rh #1212597)\nNetworkManager-libreswan\n[1.0.6-3]\n- Fix the pty hangup patch (rh #1271973)\n[1.0.6-2]\n- Fix recovery after failures (rh #1271973)\n[1.0.6-1]\n- Update to a newer upstream release (rh #1243057)\nnetwork-manager-applet\n[1.0.6-2]\n- libnm-gtk: fix a possible crash on widgets destroy (rh #1267326)\n - libnm-gtk: use symbolic icons for password store menu (rh #1267330)\n[1.0.6-1]\n- Align with the 1.0.6 upstream release:\n- editor: add support for setting MTU on team connections (rh #1255927)\n- editor: offer bond connections in vlan slave picker (rh #1255735)\n[1.0.4-1]\n- Align with the upstream release\n[1.0.3-2.git20150617.a0b0166]\n- New snapshot:\n- editor: let users edit connection.interface-name property (rh #1139536)\n[1.0.3-1.git20160615.28a0e28]\n- New snapshot:\n- applet: make new auto connections only available for current user (rh #1176042)\n- editor: allow forcing always-on-top windows for installer (rh #1097883)\n- editor: allow changing bond MTU (rh #1177582)\n- editor: use ifname instead of UUID in slaves' master property (rh #1083186)\n- editor: allow adding Bluetooth connections (rh #1229471)\n[1.0.0-3.git20150122.76569a46]\n- Drop gnome-bluetooth BR because it does not work with newer versions (rh #1174547)", "published": "2015-11-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-2315.html", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2016-09-04T11:15:56"}], "centos": [{"id": "CESA-2015:2315", "type": "centos", "title": "ModemManager, NetworkManager, libnm, network, nm security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:2315\n\n\nNetworkManager is a system network service that manages network devices\nand connections.\n\nIt was discovered that NetworkManager would set device MTUs based on MTU\nvalues received in IPv6 RAs (Router Advertisements), without sanity\nchecking the MTU value first. A remote attacker could exploit this flaw to\ncreate a denial of service attack, by sending a specially crafted IPv6 RA\npacket to disturb IPv6 communication. (CVE-2015-0272)\n\nA flaw was found in the way NetworkManager handled router advertisements.\nAn unprivileged user on a local network could use IPv6 Neighbor Discovery\nICMP to broadcast a non-route with a low hop limit, causing machines to\nlower the hop limit on existing IPv6 routes. If this limit is small enough,\nIPv6 packets would be dropped before reaching the final destination.\n(CVE-2015-2924)\n\nThe network-manager-applet and NetworkManager-libreswan packages have been\nupgraded to upstream versions 1.0.6, and provide a number of bug fixes and\nenhancements over the previous versions. (BZ#1177582, BZ#1243057)\n\nBugs:\n\n* It was not previously possible to set the Wi-Fi band to the \"a\" or \"bg\"\nvalues to lock to a specific frequency band. NetworkManager has been fixed,\nand it now sets the wpa_supplicant's \"freq_list\" option correctly, which\nenables proper Wi-Fi band locking. (BZ#1254461)\n\n* NetworkManager immediately failed activation of devices that did not have\na carrier early in the boot process. The legacy network.service then\nreported activation failure. Now, NetworkManager has a grace period during\nwhich it waits for the carrier to appear. Devices that have a carrier down\nfor a short time on system startup no longer cause the legacy\nnetwork.service to fail. (BZ#1079353)\n\n* NetworkManager brought down a team device if the teamd service managing\nit exited unexpectedly, and the team device was deactivated. Now,\nNetworkManager respawns the teamd instances that disappear and is able to\nrecover from a teamd failure avoiding disruption of the team device\noperation. (BZ#1145988)\n\n* NetworkManager did not send the FQDN DHCP option even if host name was\nset to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the\nDNS records for clients running NetworkManager. Now, NetworkManager sends\nthe FQDN option with DHCP requests, and the DHCP server is able to create\nDNS records for such clients. (BZ#1212597)\n\n* The command-line client was not validating the vlan.flags property\ncorrectly, and a spurious warning message was displayed when the nmcli tool\nworked with VLAN connections. The validation routine has been fixed, and\nthe warning message no longer appears. (BZ#1244048)\n\n* NetworkManager did not propagate a media access control (MAC) address\nchange from a bonding interface to a VLAN interface on top of it.\nConsequently, a VLAN interface on top of a bond used an incorrect MAC\naddress. Now, NetworkManager synchronizes the addresses correctly.\n(BZ#1264322)\n\nEnhancements:\n\n* IPv6 Privacy extensions are now enabled by default. NetworkManager checks\nthe per-network configuration files, NetworkManager.conf, and then falls\nback to \"/proc/sys/net/ipv6/conf/default/use_tempaddr\" to determine and set\nIPv6 privacy settings at device activation. (BZ#1187525)\n\n* The NetworkManager command-line tool, nmcli, now allows setting the\nwake-on-lan property to 0 (\"none\", \"disable\", \"disabled\"). (BZ#1260584)\n\n* NetworkManager now provides information about metered connections.\n(BZ#1200452)\n\n* NetworkManager daemon and the connection editor now support setting the\nMaximum Transmission Unit (MTU) of a bond. It is now possible to change MTU\nof a bond interface in a GUI. (BZ#1177582, BZ#1177860)\n\n* NetworkManager daemon and the connection editor now support setting the\nMTU of a team, allowing to change MTU of a teaming interface. (BZ#1255927)\n\nNetworkManager users are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002487.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002500.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002501.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002502.html\n\n**Affected packages:**\nModemManager\nModemManager-devel\nModemManager-glib\nModemManager-glib-devel\nModemManager-vala\nNetworkManager\nNetworkManager-adsl\nNetworkManager-bluetooth\nNetworkManager-config-routing-rules\nNetworkManager-config-server\nNetworkManager-devel\nNetworkManager-glib\nNetworkManager-glib-devel\nNetworkManager-libnm\nNetworkManager-libnm-devel\nNetworkManager-libreswan\nNetworkManager-libreswan-gnome\nNetworkManager-team\nNetworkManager-tui\nNetworkManager-wifi\nNetworkManager-wwan\nlibnm-gtk\nlibnm-gtk-devel\nnetwork-manager-applet\nnm-connection-editor\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2315.html", "published": "2015-11-30T19:44:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002487.html", "cvelist": ["CVE-2015-2924", "CVE-2015-0272"], "lastseen": "2017-10-03T18:24:49"}]}}