Ubuntu Security Notice USN-883-1
13th January, 2010
network-manager-applet vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.04
- Ubuntu 8.10
Software description
- network-manager-applet
Details
It was discovered that NetworkManager did not ensure that the Certification
Authority (CA) certificate file remained present when using WPA Enterprise
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
(CVE-2009-4144)
It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.04:
- network-manager-gnome 0.7.1~rc4.1-0ubuntu2.1
- Ubuntu 8.10:
- network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your session to effect
the necessary changes.