CVE-2011-2176: NetworkManager do not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks

Related Vulnerabilities: CVE-2011-2176  

Debian Bug report logs - #631520
Reported by: Luciano Bello <luciano@debian.org>

Date: Fri, 24 Jun 2011 15:03:02 UTC

Severity: important

Tags: patch, security

Fixed in version network-manager/0.9.0-1

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#631520; Package network-manager. (Fri, 24 Jun 2011 15:03:05 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Fri, 24 Jun 2011 15:03:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2011-2176: NetworkManager do not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
Date: Fri, 24 Jun 2011 12:01:02 -0300
Package: network-manager
Severity: important
Tags: security patch

Hi,

The Red Hat Security Response Team reported a bug in network-manager:
	https://bugzilla.redhat.com/show_bug.cgi?id=709662

Patch is included:
	https://bugzilla.redhat.com/show_bug.cgi?id=709662#c15

In a quick check sid looks affected. Can you confirm if oldstable/stable
are affected too?

The CVE (Common Vulnerabilities & Exposures) assigned is CVE-2011-2176.
If you fix the vulnerability please also make sure to include the CVE id in your
changelog entry.

Thanks!

-luciano




Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Tue, 23 Aug 2011 23:51:19 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Tue, 23 Aug 2011 23:51:19 GMT)


Message #10 received at 631520-close@bugs.debian.org:

From: Michael Biebl <biebl@debian.org>
To: 631520-close@bugs.debian.org
Subject: Bug#631520: fixed in network-manager 0.9.0-1
Date: Tue, 23 Aug 2011 23:48:35 +0000
Source: network-manager
Source-Version: 0.9.0-1

We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive:

gir1.2-networkmanager-1.0_0.9.0-1_i386.deb
  to main/n/network-manager/gir1.2-networkmanager-1.0_0.9.0-1_i386.deb
libnm-glib-dev_0.9.0-1_i386.deb
  to main/n/network-manager/libnm-glib-dev_0.9.0-1_i386.deb
libnm-glib-vpn-dev_0.9.0-1_i386.deb
  to main/n/network-manager/libnm-glib-vpn-dev_0.9.0-1_i386.deb
libnm-glib-vpn1_0.9.0-1_i386.deb
  to main/n/network-manager/libnm-glib-vpn1_0.9.0-1_i386.deb
libnm-glib4_0.9.0-1_i386.deb
  to main/n/network-manager/libnm-glib4_0.9.0-1_i386.deb
libnm-util-dev_0.9.0-1_i386.deb
  to main/n/network-manager/libnm-util-dev_0.9.0-1_i386.deb
libnm-util2_0.9.0-1_i386.deb
  to main/n/network-manager/libnm-util2_0.9.0-1_i386.deb
network-manager-dbg_0.9.0-1_i386.deb
  to main/n/network-manager/network-manager-dbg_0.9.0-1_i386.deb
network-manager-dev_0.9.0-1_i386.deb
  to main/n/network-manager/network-manager-dev_0.9.0-1_i386.deb
network-manager_0.9.0-1.debian.tar.gz
  to main/n/network-manager/network-manager_0.9.0-1.debian.tar.gz
network-manager_0.9.0-1.dsc
  to main/n/network-manager/network-manager_0.9.0-1.dsc
network-manager_0.9.0-1_i386.deb
  to main/n/network-manager/network-manager_0.9.0-1_i386.deb
network-manager_0.9.0.orig.tar.bz2
  to main/n/network-manager/network-manager_0.9.0.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 631520@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated network-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 24 Aug 2011 00:40:48 +0200
Source: network-manager
Binary: network-manager network-manager-dev libnm-glib4 libnm-glib-dev libnm-glib-vpn1 libnm-glib-vpn-dev libnm-util2 libnm-util-dev network-manager-dbg gir1.2-networkmanager-1.0
Architecture: source i386
Version: 0.9.0-1
Distribution: experimental
Urgency: low
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 gir1.2-networkmanager-1.0 - GObject introspection data for NetworkManager
 libnm-glib-dev - network management framework (GLib interface)
 libnm-glib-vpn-dev - network management framework (GLib interface)
 libnm-glib-vpn1 - network management framework (GLib VPN shared library)
 libnm-glib4 - network management framework (GLib shared library)
 libnm-util-dev - network management framework (development files)
 libnm-util2 - network management framework (shared library)
 network-manager - network management framework (daemon and userspace tools)
 network-manager-dbg - network management framework (debugging symbols)
 network-manager-dev - network management framework (development files)
Closes: 631520
Changes: 
 network-manager (0.9.0-1) experimental; urgency=low
 .
   * New upstream release.
     - Properly enforce PolicyKit settings controlling the permissions to
       configure wireless network sharing. (CVE-2011-2176, Closes: #631520)
   * Update symbols files.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 23 Oct 2011 07:35:45 GMT)


Bug unarchived. Request was from jmw@debian.org to control@bugs.debian.org. (Sun, 08 Jul 2012 16:22:19 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#631520; Package network-manager. (Mon, 09 Jul 2012 03:12:04 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Mon, 09 Jul 2012 03:12:05 GMT)


Message #19 received at 631520@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 631520@bugs.debian.org
Subject: Re: CVE-2011-2176: NetworkManager do not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
Date: Sun, 08 Jul 2012 19:15:12 -0000
Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/631520/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 06 Aug 2012 07:27:53 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:55:05 2019; Machine Name: beach
