Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1955-1] New network-manager/network-manager-applet pack

From Steffen Joeris@1:229/2 to All on Wed Dec 16 18:30:02 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1955-1 [email protected] http://www.debian.org/security/ Steffen Joeris
December 16, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : network-manager/network-manager-applet
Vulnerability : information disclosure
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-0365
Debian Bug : 519801

It was discovered that network-manager-applet, a network management
framework, lacks some dbus restriction rules, which allows local users
to obtain sensitive information.

If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf
file, then please make sure that you merge the changes from this fix
when asked during upgrade.

For the stable distribution (lenny), this problem has been fixed in
version 0.6.6-4+lenny1 of network-manager-applet.

For the oldstable distribution (etch), this problem has been fixed in
version 0.6.4-6+etch1 of network-manager.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 0.7.0.99-1 of network-manager-applet.

We recommend that you upgrade your network-manager and
network-manager-applet packages accordingly.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.dsc
Size/MD5 checksum: 1034 9ca281c6a38a498e5735a9e8caa4b7bc
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
Size/MD5 checksum: 20424 448d010bfa385c406fad97b0c9667731
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4.orig.tar.gz
Size/MD5 checksum: 1079499 2d8ec8b17f85ee9aa9c0e04c63b98c3a

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 381334 d0fa566c6157cc9590fc4ac343494c06
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 112752 eaccaea2845fbf15eb7785aea488ae23
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 259300 2cba0b7225cb0bf54a213b629f8e549c
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 119400 ac8ae428f79e0643730d648fa785038b
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 127538 1f191e99e963f25791b788933f92fe67
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 121702 e00aff6a1ce0de6fde754f8f26bd56cf
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_alpha.deb
Size/MD5 checksum: 136174 4fb472c760ecb83864912cd403d6d68b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 377714 346447be8036a69f83dc33f33086535d
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 118648 242e933e9b2a4a217c26ba938dfec496
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 127308 c98926309bc01886ea1e617b0ddd234c
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 124268 f924645be9b503ad97bc66abeb9a0250
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 247392 faca3961e48d3ccb07334e741aec10df
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 111986 9c6fe9dbc9d2185eb702d6ff47398fe7
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_amd64.deb
Size/MD5 checksum: 118352 07be7293e380f38897fdfb3b0d693021

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 130832 22aa006ddb311666af1b41e63ec17fd4
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 112826 d4e444ea04ccc770444a6426b792b3c6
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 125866 fea8d5b15a0c2a94000c0d9b8987499c
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 120276 372238091d3ab15325f5ad8fee84efd5
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 376960 860f031ba177fad3524dfbb20118e550
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 254374 1835e8ff4f393d3554b566436a2fea57
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_hppa.deb
Size/MD5 checksum: 119536 48e2418b0280423b2e9f69e95b37d643

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	154:37:48
Calls:	12,092
Calls today:	5
Files:	15,000
Messages:	6,517,680

[SECURITY] [DSA 1955-1] New network-manager/network-manager-applet pack

Who's Online

Recent Visitors

System Info