Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2009-040-01
HistoryFeb 09, 2009 - 4:06 p.m.

wicd

2009-02-0916:06:50
Slackware Linux Project
www.slackware.com
10

0.0004 Low

EPSS

Percentile

5.7%

JSON

New wicd packages are available for Slackware 12.2 and -current to fix a
security issue with the D-Bus configuration file that could allow local
information disclosure (such as network credentials).

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/wicd/wicd-1.5.9-noarch-1.tgz: Upgraded to wicd-1.5.9.
This fixes a security problem with the D-Bus configuration file that allows
local users to intercept D-Bus messages, possibly including wireless network
credentials.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/wicd-1.5.9-noarch-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/wicd/wicd-1.5.9-noarch-1.tgz

MD5 signatures:

Slackware 12.2 package:
503d6dd8cce8fe148d6799727a51f5a6 wicd-1.5.9-noarch-1_slack12.2.tgz

Slackware -current package:
f98aab4483d4aa1f6c16c4517e560b81 wicd-1.5.9-noarch-1.tgz

Installation instructions:

Kill any instances of wicd-client:
> killall wicd-client

Upgrade the package as root:
> upgradepkg wicd-1.5.9-noarch-1_slack12.2.tgz

Reload D-Bus:
> /etc/rc.d/rc.messagebus reload

Restart wicd:
> /etc/rc.d/rc.wicd restart

Finally, restart any stopped instances of wicd-client as the normal user(s).

Alternate approach: Upgrade the wicd package and reboot.

OSVersionArchitecturePackageVersionFilename
Slackware12.2noarchwicd<ย 1.5.9wicd-1.5.9-noarch-1_slack12.2.tgz

Related

prion 1
openvas 4
nessus 2
seebug 1
securityvulns 2
gentoo 1
cve 1
ubuntucve 1
debiancve 1
prion
prion
Default configuration
2009-02-09 20:30:00
openvas
openvas
Slackware Advisory SSA:2009-040-01 wicd
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2009-040-01)
2012-09-10 00:00:00
Gentoo Security Advisory GLSA 200904-12 (wicd)
2009-04-15 00:00:00
nessus
nessus
Slackware 12.2 / current : wicd (SSA:2009-040-01)
2009-02-12 00:00:00
GLSA-200904-12 : Wicd: Information disclosure
2009-04-11 00:00:00
seebug
seebug
Wicd wicd.conf้ป˜่ฎค้…็ฝฎๆœฌๅœฐไฟกๆฏๆณ„้œฒๆผๆดž
2009-04-13 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ GLSA 200904-12 ] Wicd: Information disclosure
2009-04-12 00:00:00
Wicd information leak
2009-04-12 00:00:00
gentoo
gentoo
Wicd: Information disclosure
2009-04-10 00:00:00
cve
cve
CVE-2009-0489
2009-02-09 20:30:00
ubuntucve
ubuntucve
CVE-2009-0489
2009-02-09 00:00:00
debiancve
debiancve
CVE-2009-0489
2009-02-09 20:30:00

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSA-2009-040-01
prion1openvas4nessus2seebug1securityvulns2gentoo1cve1ubuntucve1debiancve1