Debian: DSA-1955-1: New network-manager/network-manager-applet packages fix information disclosure

    Date16 Dec 2009
    CategoryDebian
    23
    Posted ByLinuxSecurity Advisories
    It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1955-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    December 16, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : network-manager/network-manager-applet
    Vulnerability  : information disclosure
    Problem type   : local
    Debian-specific: no
    CVE Id         : CVE-2009-0365
    Debian Bug     : 519801
    
    It was discovered that network-manager-applet, a network management
    framework, lacks some dbus restriction rules, which allows local users
    to obtain sensitive information.
    
    If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf
    file, then please make sure that you merge the changes from this fix
    when asked during upgrade.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.6.6-4+lenny1 of network-manager-applet.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 0.6.4-6+etch1 of network-manager.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 0.7.0.99-1 of
    network-manager-applet.
    
    
    We recommend that you upgrade your network-manager and
    network-manager-applet packages accordingly.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.dsc
        Size/MD5 checksum:     1034 9ca281c6a38a498e5735a9e8caa4b7bc
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
        Size/MD5 checksum:    20424 448d010bfa385c406fad97b0c9667731
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4.orig.tar.gz
        Size/MD5 checksum:  1079499 2d8ec8b17f85ee9aa9c0e04c63b98c3a
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   381334 d0fa566c6157cc9590fc4ac343494c06
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   112752 eaccaea2845fbf15eb7785aea488ae23
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   259300 2cba0b7225cb0bf54a213b629f8e549c
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   119400 ac8ae428f79e0643730d648fa785038b
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   127538 1f191e99e963f25791b788933f92fe67
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   121702 e00aff6a1ce0de6fde754f8f26bd56cf
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_alpha.deb
        Size/MD5 checksum:   136174 4fb472c760ecb83864912cd403d6d68b
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   377714 346447be8036a69f83dc33f33086535d
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   118648 242e933e9b2a4a217c26ba938dfec496
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   127308 c98926309bc01886ea1e617b0ddd234c
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   124268 f924645be9b503ad97bc66abeb9a0250
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   247392 faca3961e48d3ccb07334e741aec10df
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   111986 9c6fe9dbc9d2185eb702d6ff47398fe7
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_amd64.deb
        Size/MD5 checksum:   118352 07be7293e380f38897fdfb3b0d693021
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   130832 22aa006ddb311666af1b41e63ec17fd4
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   112826 d4e444ea04ccc770444a6426b792b3c6
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   125866 fea8d5b15a0c2a94000c0d9b8987499c
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   120276 372238091d3ab15325f5ad8fee84efd5
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   376960 860f031ba177fad3524dfbb20118e550
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   254374 1835e8ff4f393d3554b566436a2fea57
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_hppa.deb
        Size/MD5 checksum:   119536 48e2418b0280423b2e9f69e95b37d643
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   126232 e00655f007c778143f3b33eb2618cf2a
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   118530 d38c510c9e0094529575917272e74b72
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   123882 2c641df7d5ab4f100778795dce5ab9bb
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   239640 2f6c0940ac4e34ba3aea0c8cbf76cf60
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   118136 f2bae719f42c8a30dcd3b7e8004b8d58
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   112858 1e07c7c7318b89b08f443fcc2fcc4ed1
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_i386.deb
        Size/MD5 checksum:   371748 e925bac52eb8fad1bcdf7e14f6dbbc1e
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   305500 e779cdb25338cd8dc21525022b22768e
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   407794 6a16b5e4e8563fbad6bd6890bdd7a123
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   122722 fdcf975b50ed49f4ee37f9f994b94c97
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   130812 ccae0fa400747a22e3124b8223df51bb
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   112786 f035e38ad68cf43e32c626d50d781982
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   122246 6fe88cd1556e1c00755d4509b69f2a52
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_ia64.deb
        Size/MD5 checksum:   136392 21529694edab05b38f0a3613768d3509
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   120050 311d3c58e470683d003a764b8cd0f245
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   124602 6534f02f08d137f6e050aa86026b46fd
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   239920 47d8290298850e325301c7d1ef97048b
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   112790 639962b84ef0f74825f81c0eda9cbbbb
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   131648 fd2e9dc863a688705ea03e47ca55c9fa
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   370762 2e777acfce2d882f54ef92082ea34f09
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_mips.deb
        Size/MD5 checksum:   118374 c784f17c138aa7b86454449fe9021dcc
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   125372 2edfcaec1df4a4e03b4653aff3012329
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   119820 eb0b1dae1c13fa662708ef7391f70266
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   112786 946de4230810730fc422b4170779bb38
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   368504 c9b07a65e97306f92b70d5ad030b2c5a
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   128568 278e2b2cc57991607b9bbf71eeec3a61
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   119290 8259e2adda573211e8a0b85c0752a668
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_powerpc.deb
        Size/MD5 checksum:   242784 6fe6a79309ee3c4d95d9b1da16b78ecd
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   128288 319084680439c80a2817f3f8606935ac
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   118792 a697368a598ad353b8bb00930f5a2c1c
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   112580 717a8ab6f698873851a5dc586d9000d3
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   234136 05f09b3f9c4dfaab27217a1ca5f7ee4a
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   118152 abd8acdd835d5d52c1d200c5d6d4f1e7
      http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   369282 40598f43075951ceb3a2af2dbafcda2c
      http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_sparc.deb
        Size/MD5 checksum:   124676 9ea075e2ca00fad4d1d390cd23ee847a
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.dsc
        Size/MD5 checksum:     1734 34200f4387757a3688c49c617bc09fc6
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz
        Size/MD5 checksum:     8437 d5c7910fc754ef45eb7628f41e98023f
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6.orig.tar.gz
        Size/MD5 checksum:   781511 16e95a3515e4255d034b14045a9effd5
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_alpha.deb
        Size/MD5 checksum:   346500 420e6ae0bbf0086e032e05da9c554e6d
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_amd64.deb
        Size/MD5 checksum:   337408 38262fc0d2cadaea090e0098f7c24c67
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_hppa.deb
        Size/MD5 checksum:   341614 509c38929b6588de102b937fcde5e424
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_i386.deb
        Size/MD5 checksum:   331344 993767ed8f55910cced53c641074b338
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_ia64.deb
        Size/MD5 checksum:   379256 f662db05a7011e7e9c4ac46c39b960c6
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mips.deb
        Size/MD5 checksum:   331820 5daf0ed1f11f1848b76b5f48b5e771a9
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mipsel.deb
        Size/MD5 checksum:   331298 b2cee8325e9908f7e14aeb455e2ad863
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_powerpc.deb
        Size/MD5 checksum:   342226 3b26b9f83aa0c036559f302fb9445fa0
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_sparc.deb
        Size/MD5 checksum:   329700 3241f8fd438f725f0526cb628251c4ef
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"14","type":"x","order":"1","pct":53.85,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":30.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.