[Pkg-utopia-commits] r3337 - in /packages/etch/networkmanager/debian: changelog patches/13-CVE-2009-0365.patch
biebl at users.alioth.debian.org
biebl at users.alioth.debian.org
Tue Dec 15 22:38:43 UTC 2009
Author: biebl
Date: Tue Dec 15 22:38:43 2009
New Revision: 3337
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=3337
Log:
* debian/patches/13-CVE-2009-0365.patch
- SECURITY: It was discovered that NetworkManager did not properly enforce
permissions when responding to dbus requests. A local user could perform
dbus queries to view system and user network connection passwords and
pre-shared keys. (Closes: #519801)
FIXES: CVE-2009-0365
Added:
packages/etch/networkmanager/debian/patches/13-CVE-2009-0365.patch
Modified:
packages/etch/networkmanager/debian/changelog
Modified: packages/etch/networkmanager/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/networkmanager/debian/changelog?rev=3337&op=diff
==============================================================================
--- packages/etch/networkmanager/debian/changelog (original)
+++ packages/etch/networkmanager/debian/changelog Tue Dec 15 22:38:43 2009
@@ -1,3 +1,14 @@
+network-manager (0.6.4-6+etch1) UNRELEASED; urgency=high
+
+ * debian/patches/13-CVE-2009-0365.patch
+ - SECURITY: It was discovered that NetworkManager did not properly enforce
+ permissions when responding to dbus requests. A local user could perform
+ dbus queries to view system and user network connection passwords and
+ pre-shared keys. (Closes: #519801)
+ FIXES: CVE-2009-0365
+
+ -- Michael Biebl <biebl at debian.org> Tue, 15 Dec 2009 23:31:58 +0100
+
network-manager (0.6.4-6) unstable; urgency=medium
* debian/patches/10-po_fr.patch
Added: packages/etch/networkmanager/debian/patches/13-CVE-2009-0365.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/networkmanager/debian/patches/13-CVE-2009-0365.patch?rev=3337&op=file
==============================================================================
--- packages/etch/networkmanager/debian/patches/13-CVE-2009-0365.patch (added)
+++ packages/etch/networkmanager/debian/patches/13-CVE-2009-0365.patch Tue Dec 15 22:38:43 2009
@@ -1,0 +1,29 @@
+SECURITY: It was discovered that NetworkManager did not properly enforce
+permissions when responding to dbus requests. A local user could perform
+dbus queries to view system and user network connection passwords and
+pre-shared keys. (Closes: #519801)
+FIXES: CVE-2009-0365
+diff --git a/gnome/applet/nm-applet.conf b/gnome/applet/nm-applet.conf
+index 121e89b..3338419 100644
+--- a/gnome/applet/nm-applet.conf
++++ b/gnome/applet/nm-applet.conf
+@@ -13,6 +13,19 @@
+
+ <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
+ <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
++
++ <!-- Only root can get keys -->
++ <deny send_destination="org.freedesktop.NetworkManagerInfo"
++ send_interface="org.freedesktop.NetworkManagerInfo"
++ send_member="getKeyForNetwork"/>
++
++ <deny send_destination="org.freedesktop.NetworkManagerInfo"
++ send_interface="org.freedesktop.NetworkManagerInfo"
++ send_member="cancelGetKeyForNetwork"/>
++
++ <deny send_destination="org.freedesktop.NetworkManagerInfo"
++ send_interface="org.freedesktop.NetworkManagerInfo"
++ send_member="updateNetworkInfo"/>
+ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManagerInfo"/>
More information about the Pkg-utopia-commits
mailing list