Overview

File _patchinfo of Package patchinfo.import5373

<patchinfo incident="NetworkManager" version="5373">
  <issue tracker="bnc" id="574266" />
  <issue tracker="bnc" id="702016" />
  <issue tracker="CVE" id="CVE-2006-7246" />
  <issue tracker="CVE" id="CVE-2011-2176" />
  <category>security</category>
  <rating>low</rating>
  <summary>NetworkManager security update</summary>
  <description>NetworkManager did not pin a certificate's subject to an
ESSID. A rogue access point could therefore be used to
conduct MITM attacks by using any other valid certificate
issued by same CA as used in the original network
(CVE-2006-7246).

Please note that  existing WPA2 Enterprise connections need
to be deleted and re-created to take advantage of the new
security checks.

NetworkManager did not honor the PolicyKit auth_admin
setting when creating Ad-Hoc wireless networks
(CVE-2011-2176)
</description>
  <packager>adrianSuSE</packager>
</patchinfo>
openSUSE Build Service is sponsored by
Places