Your message dated Sun, 02 May 2010 14:10:00 +0000
with message-id <[email protected]>
and subject line Bug#519801: fixed in network-manager 0.6.4-6+etch1
has caused the Debian Bug report #519801,
regarding CVE-2009-0365, CVE-2009-0578
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
519801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519801
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-applet
Version: 0.6.6-4
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for network-manager-applet:
CVE-2009-0365[1]:
The dbus request handler in (1) network-manager-applet and (2)
NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not
properly verify privileges, which allows local users to discover (a)
network connection passwords and (b) pre-shared keys via unspecified
queries.
CVE-2009-0578[2]:
network-manager-applet in Ubuntu 8.10 does not properly verify
privileges for dbus (1) modify and (2) delete requests, which allows
local users to change or remove the network connections of arbitrary
users via unspecified vectors.
These are already fixed in unstable, but I guess this should be fixed in
stable as well.
[1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
[2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm82w4ACgkQNxpp46476ap+ywCfdgKlbQPrEDto0zx/YuEWQRfl
AnEAoIEp5CEhzHYO8Xmft4d8AjX/7hs6
=9LWP
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: network-manager
Source-Version: 0.6.4-6+etch1
We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive:
libnm-glib-dev_0.6.4-6+etch1_i386.deb
to main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb
libnm-glib0_0.6.4-6+etch1_i386.deb
to main/n/network-manager/libnm-glib0_0.6.4-6+etch1_i386.deb
libnm-util-dev_0.6.4-6+etch1_i386.deb
to main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb
libnm-util0_0.6.4-6+etch1_i386.deb
to main/n/network-manager/libnm-util0_0.6.4-6+etch1_i386.deb
network-manager-dev_0.6.4-6+etch1_i386.deb
to main/n/network-manager/network-manager-dev_0.6.4-6+etch1_i386.deb
network-manager-gnome_0.6.4-6+etch1_i386.deb
to main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_i386.deb
network-manager_0.6.4-6+etch1.diff.gz
to main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
network-manager_0.6.4-6+etch1.dsc
to main/n/network-manager/network-manager_0.6.4-6+etch1.dsc
network-manager_0.6.4-6+etch1_i386.deb
to main/n/network-manager/network-manager_0.6.4-6+etch1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated network-manager package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 15 Dec 2009 23:31:58 +0100
Source: network-manager
Binary: libnm-util-dev network-manager-gnome network-manager-dev libnm-util0
libnm-glib0 network-manager libnm-glib-dev
Architecture: source i386
Version: 0.6.4-6+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Riccardo Setti <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description:
libnm-glib-dev - network management framework (GLib interface)
libnm-glib0 - network management framework (GLib shared library)
libnm-util-dev - network management framework (development files)
libnm-util0 - network management framework (shared library)
network-manager - network management framework daemon
network-manager-dev - network management framework (development files)
network-manager-gnome - network management framework (GNOME frontend)
Closes: 519801
Changes:
network-manager (0.6.4-6+etch1) oldstable-security; urgency=high
.
* debian/patches/13-CVE-2009-0365.patch
- SECURITY: It was discovered that NetworkManager did not properly enforce
permissions when responding to dbus requests. A local user could perform
dbus queries to view system and user network connection passwords and
pre-shared keys. (Closes: #519801)
FIXES: CVE-2009-0365
Files:
9ca281c6a38a498e5735a9e8caa4b7bc 1034 net optional
network-manager_0.6.4-6+etch1.dsc
2d8ec8b17f85ee9aa9c0e04c63b98c3a 1079499 net optional
network-manager_0.6.4.orig.tar.gz
448d010bfa385c406fad97b0c9667731 20424 net optional
network-manager_0.6.4-6+etch1.diff.gz
2f6c0940ac4e34ba3aea0c8cbf76cf60 239640 net optional
network-manager_0.6.4-6+etch1_i386.deb
e925bac52eb8fad1bcdf7e14f6dbbc1e 371748 gnome optional
network-manager-gnome_0.6.4-6+etch1_i386.deb
1e07c7c7318b89b08f443fcc2fcc4ed1 112858 devel optional
network-manager-dev_0.6.4-6+etch1_i386.deb
f2bae719f42c8a30dcd3b7e8004b8d58 118136 libs optional
libnm-glib0_0.6.4-6+etch1_i386.deb
d38c510c9e0094529575917272e74b72 118530 libdevel optional
libnm-glib-dev_0.6.4-6+etch1_i386.deb
2c641df7d5ab4f100778795dce5ab9bb 123882 libs optional
libnm-util0_0.6.4-6+etch1_i386.deb
e00655f007c778143f3b33eb2618cf2a 126232 libdevel optional
libnm-util-dev_0.6.4-6+etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkso8h0ACgkQh7PER70FhVSUJwCfU2XqAyR9L6smbmzW7unHrEoj
cBsAn2Nxg5TgBo3cjoGT4VfPetjGaLCA
=b96c
-----END PGP SIGNATURE-----
--- End Message ---