File _patchinfo of Package patchinfo.import5373
<patchinfo incident="NetworkManager" version="5373">
<issue tracker="bnc" id="574266" />
<issue tracker="bnc" id="702016" />
<issue tracker="CVE" id="CVE-2006-7246" />
<issue tracker="CVE" id="CVE-2011-2176" />
<category>security</category>
<rating>low</rating>
<summary>NetworkManager security update</summary>
<description>NetworkManager did not pin a certificate's subject to an
ESSID. A rogue access point could therefore be used to
conduct MITM attacks by using any other valid certificate
issued by same CA as used in the original network
(CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need
to be deleted and re-created to take advantage of the new
security checks.
NetworkManager did not honor the PolicyKit auth_admin
setting when creating Ad-Hoc wireless networks
(CVE-2011-2176)
</description>
<packager>adrianSuSE</packager>
</patchinfo>