[Pkg-utopia-commits] r3338 - in /packages/lenny/network-manager-applet/debian: changelog patches/10-CVE-2009-0365.patch
biebl at users.alioth.debian.org
biebl at users.alioth.debian.org
Tue Dec 15 22:41:43 UTC 2009
Author: biebl
Date: Tue Dec 15 22:41:43 2009
New Revision: 3338
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=3338
Log:
* debian/patches/10-CVE-2009-0365.patch
- SECURITY: It was discovered that NetworkManager did not properly enforce
permissions when responding to dbus requests. A local user could perform
dbus queries to view system and user network connection passwords and
pre-shared keys. (Closes: #519801)
FIXES: CVE-2009-0365
Added:
packages/lenny/network-manager-applet/debian/patches/10-CVE-2009-0365.patch
Modified:
packages/lenny/network-manager-applet/debian/changelog
Modified: packages/lenny/network-manager-applet/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/lenny/network-manager-applet/debian/changelog?rev=3338&op=diff
==============================================================================
--- packages/lenny/network-manager-applet/debian/changelog (original)
+++ packages/lenny/network-manager-applet/debian/changelog Tue Dec 15 22:41:43 2009
@@ -1,3 +1,14 @@
+network-manager-applet (0.6.6-4+lenny1) UNRELEASED; urgency=high
+
+ * debian/patches/10-CVE-2009-0365.patch
+ - SECURITY: It was discovered that NetworkManager did not properly enforce
+ permissions when responding to dbus requests. A local user could perform
+ dbus queries to view system and user network connection passwords and
+ pre-shared keys. (Closes: #519801)
+ FIXES: CVE-2009-0365
+
+ -- Michael Biebl <biebl at debian.org> Tue, 15 Dec 2009 23:40:01 +0100
+
network-manager-applet (0.6.6-4) unstable; urgency=low
* debian/patches/08-manual_means_always_online.patch
Added: packages/lenny/network-manager-applet/debian/patches/10-CVE-2009-0365.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/lenny/network-manager-applet/debian/patches/10-CVE-2009-0365.patch?rev=3338&op=file
==============================================================================
--- packages/lenny/network-manager-applet/debian/patches/10-CVE-2009-0365.patch (added)
+++ packages/lenny/network-manager-applet/debian/patches/10-CVE-2009-0365.patch Tue Dec 15 22:41:43 2009
@@ -1,0 +1,29 @@
+SECURITY: It was discovered that NetworkManager did not properly enforce
+permissions when responding to dbus requests. A local user could perform
+dbus queries to view system and user network connection passwords and
+pre-shared keys. (Closes: #519801)
+FIXES: CVE-2009-0365
+diff --git a/nm-applet.conf b/nm-applet.conf
+index ffe2bbd..fb49d1e 100644
+--- a/nm-applet.conf
++++ b/nm-applet.conf
+@@ -19,6 +19,19 @@
+
+ <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
+ <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
++
++ <!-- Only root can get keys -->
++ <deny send_destination="org.freedesktop.NetworkManagerInfo"
++ send_interface="org.freedesktop.NetworkManagerInfo"
++ send_member="getKeyForNetwork"/>
++
++ <deny send_destination="org.freedesktop.NetworkManagerInfo"
++ send_interface="org.freedesktop.NetworkManagerInfo"
++ send_member="cancelGetKeyForNetwork"/>
++
++ <deny send_destination="org.freedesktop.NetworkManagerInfo"
++ send_interface="org.freedesktop.NetworkManagerInfo"
++ send_member="updateNetworkInfo"/>
+ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManagerInfo"/>
More information about the Pkg-utopia-commits
mailing list