NetworkManager security update
NetworkManager did not pin a certificate's subject to an
ESSID. A rogue access point could therefore be used to
conduct MITM attacks by using any other valid certificate
issued by same CA as used in the original network
(CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need
to be deleted and re-created to take advantage of the new
security checks.
NetworkManager did not honor the PolicyKit auth_admin
setting when creating Ad-Hoc wireless networks
(CVE-2011-2176)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5373
Fixed bugs
bnc#574266
VUL-0: NetworkManager unsafe for WPA2 Enterprise networks
bnc#702016
VUL-0: NetworkManager: did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
