update for NetworkManager-gnome, NetworkManager, wpa_supplicant, gnome-control-center
NetworkManager did not pin a certificate's subject to an ESSID. A rogue access
point could therefore be used to conduct MITM attacks by using any other valid
certificate issued by the same CA as used in the original network (CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need to be deleted and
re-created to take advantage of the new security checks.
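
As an added example (not code from NetworkManager or from this advisory), the Python below audits connection profiles for the condition described above: a WPA2 Enterprise profile that trusts a CA but pins no server certificate subject. It assumes profiles stored in NetworkManager's keyfile format with the 802-1x properties ca-cert, system-ca-certs, subject-match, altsubject-matches, domain-suffix-match and domain-match; the sample profiles and the helper name audit_profile are constructed for illustration.

```python
import configparser

# NetworkManager 802-1x properties that tie the server certificate to an
# expected identity (keyfile property names; profile format is assumed).
PINNING_KEYS = ("subject-match", "altsubject-matches",
                "domain-suffix-match", "domain-match")

def audit_profile(text):
    """Return findings for one keyfile-format connection profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("802-1x"):
        return []  # PSK or open network: no EAP server certificate involved
    name = cp.get("connection", "id", fallback="<unnamed>")
    dot1x = cp["802-1x"]
    has_ca = bool(dot1x.get("ca-cert", "").strip()) or \
        dot1x.get("system-ca-certs", "false").strip().lower() == "true"
    # An empty list value such as "altsubject-matches=;" does not pin anything.
    pinned = [k for k in PINNING_KEYS if dot1x.get(k, "").strip(" ;")]
    if not has_ca:
        return [f"{name}: no CA configured, server certificate is not validated"]
    if not pinned:
        return [f"{name}: CA set but no subject pinned, any certificate "
                "issued by that CA is accepted"]
    return []

# Constructed sample profiles (not taken from a real system).
BASE = """[connection]
id={id}
type=wifi

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=alice
{extra}
"""
CA_FILE = "ca-cert=/etc/ssl/certs/example-ca.pem"
CA_ONLY = BASE.format(id="corp-ca-only", extra=CA_FILE)
PINNED = BASE.format(id="corp-pinned",
                     extra=CA_FILE + "\ndomain-suffix-match=radius.example.org")
NO_CA = BASE.format(id="corp-no-ca", extra="")

if __name__ == "__main__":
    for profile in (CA_ONLY, PINNED, NO_CA):
        for finding in audit_profile(profile) or ["ok"]:
            print(finding)
```

Profiles flagged with "no subject pinned" are the ones that match this advisory's description and are candidates for being deleted and re-created.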
- Submitted by Ludwig Nussel (lnussel)
- Reboot is suggested
Fixed bugs
- bnc#574266: VUL-0: NetworkManager unsafe for WPA2 Enterprise networks
- CVE#CVE-2006-7246: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.