Debian Security Advisory
DSA-1955-1 network-manager/network-manager-applet -- information disclosure
- Date Reported:
- 16 Dec 2009
- Affected Packages:
- network-manager/network-manager-applet
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 519801.
In Mitre's CVE dictionary: CVE-2009-0365. - More information:
-
It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information.
If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf file, then please make sure that you merge the changes from this fix when asked during upgrade.
For the oldstable distribution (etch), this problem has been fixed in version 0.6.4-6+etch1 of network-manager.
For the stable distribution (lenny), this problem has been fixed in version 0.6.6-4+lenny1 of network-manager-applet.
For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.7.0.99-1 of network-manager-applet.
We recommend that you upgrade your network-manager and network-manager-applet packages accordingly.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.dsc
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_mips.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_mips.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_sparc.deb
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.dsc
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.