[SECURITY] Fedora 12 Update: NetworkManager-0.8.1-3.git20100813.fc12

updates at fedoraproject.org updates at fedoraproject.org
Sat Aug 21 04:34:48 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-12911
2010-08-17 05:08:33
--------------------------------------------------------------------------------

Name        : NetworkManager
Product     : Fedora 12
Version     : 0.8.1
Release     : 3.git20100813.fc12
URL         : http://www.gnome.org/projects/NetworkManager/
Summary     : Network connection manager and user applications
Description :
NetworkManager is a system network service that manages your network devices
and connections, attempting to keep active network connectivity when available.
It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and
provides VPN integration with a variety of different VPN services.

--------------------------------------------------------------------------------
Update Information:

It was discovered that dbus-glib did not enforce the "access" flag on exported
GObject properties. If such a property were read/write internally but specified
as read-only externally, a malicious, local user could use this flaw to modify
that property of an application. Such a change could impact the application's
behavior (for example, if an IP address were changed the network may not come up
properly after reboot) and possibly lead to a denial of service. (CVE-2010-1172)
Due to the way dbus-glib translates an application's XML definitions of service
interfaces and properties into C code at application build time, applications
built against dbus-glib that use read-only properties needed to be rebuilt to
fully fix the flaw. This update provides NetworkManager, ModemManager and
DeviceKit-power packages that have been rebuilt against the updated dbus-glib
packages.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 13 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-3
- core: rebuild to fix dbus-glib security issue (CVE-2010-1172) (rh #585394)
* Fri Aug 13 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-2
- core: quiet annoying warnings (rh #612991)
- core: fix retrieval of various IP options in libnm-glib (rh #611141)
- core: ship NetworkManager.conf instead of deprecated nm-system-settings.conf (rh #606160)
- core: add short hostname to /etc/hosts too (rh #621910)
- core: recheck autoactivation when new system connections appear
- core: enable DHCPv6-only configurations (rh #612445)
- core: don't fail connection immediately if DHCP lease expires (rh #616084) (rh #590874)
- core: fix editing of PPPoE system connections
- core: work around twitchy frequency reporting of various wifi drivers
- core: don't tear down user connections on console changes (rh #614556)
- cli: wait a bit for NM's permissions check to complete (rh #614866)
- ifcfg-rh: ignore BRIDGE and VLAN configs and treat as unmanaged (rh #619863)
- man: add manpage for nm-online
- applet: fix crash saving ignore-missing-CA-cert preference (rh #619775)
- applet: hide PIN/PUK by default in the mobile PIN/PUK dialog (rh #615085)
- applet: ensure Enter closes the PIN/PUK dialog (rh #611831)
- applet: fix another crash in ignore-CA-certificate handling (rh #557495)
- editor: fix handling of Wired/s390 connections (rh #618620)
- editor: fix crash when canceling editing in IP address pages (rh #610891)
- editor: fix handling of s390-specific options
- editor: really fix crash when changing system connections (rh #603566)
* Thu Jul 22 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-1
- core: read nm-system-settings.conf before NetworkManager.conf (rh #606160)
- core: fix editing system DSL connections when using keyfile plugin
- core: work around inconsistent proprietary driver associated AP reporting
- core: ensure empty VPN secrets are not used (rh #587784)
- core: don't request WiFi scans when connection is locked to a specific BSSID
- cli: show IPv6 settings and configuration
- applet: updated translations
- editor: fix a PolicyKit-related crash editing connections (rh #603566)
- applet: fix saving the ignore-missing-CA-cert preference (rh #610084)
- editor: fix listing connections on PPC64 (rh #608663)
- editor: ensure editor windows are destroyed when closed (rh #572466)
* Thu Jul  1 2010 Matthias Clasen <mclasen at redhatcom> - 0.8.1-0.5
- Rebuild against new gnome-bluetooth
* Fri Jun 25 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-0.4
- Update to 0.8.1 release candidate
- core: fix WWAN hardware enable state tracking (rh #591622)
- core: fix Red Hat initscript return value on double-start (rh #584321)
- core: add multicast route entry for IPv4 link-local connections
- core: fix connection sharing in cases where a dnsmasq config file exists
- core: fix handling of Ad-Hoc wifi connections to indicate correct network
- core: ensure VPN interface name is passed to dispatcher when VPN goes down
- ifcfg-rh: fix handling of ASCII WEP keys
- ifcfg-rh: fix double-quoting of some SSIDs (rh #606518)
- applet: ensure deleted connections are actually forgotten (rh #618973)
- applet: don't crash if the AP's BSSID isn't availabe (rh #603236)
- editor: don't crash on PolicyKit events after windows are closed (rh #572466)
* Wed May 26 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-0.3
- core: fix nm-online crash (rh #593677)
- core: fix failed suspend disables network (rh #589108)
- core: print out missing firmware errors (rh #594578)
- applet: fix device descriptions for some mobile broadband devices
- keyfile: bluetooth fixes
- applet: updated translations (rh #589230)
* Wed May 19 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-0.2.git20100519
- core: use GIO in local mode only (rh #588745)
- core: updated translations (rh #589230)
- core: be more lenient in IPv6 RDNSS server expiry (rh #590202)
- core: fix headers to be C++ compatible (rh #592783)
- applet: updated translations (rh #589230)
- applet: lock connections with well-known SSIDs to their specific AP
* Mon May 10 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-0.1.git20100510
- core: fix handling of IPv6 RA flags when router goes away (rh #588560)
- bluetooth: fix crash configuring DUN connections from the wizard (rh #590666)
* Sun May  9 2010 Dan Williams <dcbw at redhat.com> - 0.8-13.git20100509
- core: restore initial accept_ra value for IPv6 ignored connections (rh #588619)
- bluetooth: fix bad timeout on PAN connections (rh #586961)
- applet: updated translations
* Tue May  4 2010 Dan Williams <dcbw at redhat.com> - 0.8-12.git20100504
- core: treat missing IPv6 configuration as ignored (rh #588814)
- core: don't flush IPv6 link-local routes (rh #587836)
- cli: update output formatting
* Mon May  3 2010 Dan Williams <dcbw at redhat.com> - 0.8-11.git20100503
- core: allow IP configuration as long as one method completes (rh #567978)
- core: don't prematurely remove IPv6 RDNSS nameservers (rh #588192)
- core: ensure router advertisements are only used when needed (rh #588613)
- editor: add IPv6 gateway editing capability
* Sun May  2 2010 Dan Williams <dcbw at redhat.com> - 0.8-10.git20100502
- core: IPv6 autoconf, DHCP, link-local, and manual mode fixes
- editor: fix saving IPv6 address in user connections
* Thu Apr 29 2010 Dan Williams <dcbw at redhat.com> - 0.8-9.git20100429
- core: fix crash when IPv6 is enabled and interface is deactivated
* Mon Apr 26 2010 Dan Williams <dcbw at redhat.com> - 0.8-8.git20100426
- core: fix issues with IPv6 router advertisement mishandling (rh #530670)
- core: many fixes for IPv6 RA and DHCP handling (rh #538499)
- core: ignore WWAN ethernet devices until usable (rh #585214)
- ifcfg-rh: fix handling of WEP passphrases (rh #581718)
- applet: fix crashes (rh #582938) (rh #582428)
- applet: fix crash with multiple concurrent authorization requests (rh #585405)
- editor: allow disabling IPv4 on a per-connection basis
- editor: add support for IPv6 DHCP-only configurations
* Thu Apr 22 2010 Dan Williams <dcbw at redhat.com> - 0.8-7.git20100422
- core: fix crash during install (rh #581794)
- wifi: fix crash when supplicant segfaults after resume (rh #538717)
- ifcfg-rh: fix MTU handling for wired connections (rh #569319)
- applet: fix display of disabled mobile broadband devices
* Thu Apr  8 2010 Dan Williams <dcbw at redhat.com> - 0.8-6.git20100408
- core: fix automatic WiFi connections on resume (rh #578141)
* Thu Apr  8 2010 Dan Williams <dcbw at redhat.com> - 0.8-5.git20100408
- core: more flexible logging
- core: fix crash with OLPC mesh devices after suspend
- applet: updated translations
- applet: show mobile broadband signal strength and technology in the icon
- applet: fix continuous password requests for 802.1x connections (rh #576925)
- applet: many updated translations
* Thu Mar 25 2010 Dan Williams <dcbw at redhat.com> - 0.8-4.git20100325
- core: fix modem enable/disable
- core: fix modem default route handling
* Tue Mar 23 2010 Dan Williams <dcbw at redhat.com> - 0.8-3.git20100323
- core: don't exit early on non-fatal state file errors
- core: fix Bluetooth connection issues (rh #572340)
- applet: fix some translations (rh #576056)
- applet: better feedback when wrong PIN/PUK is entered
- applet: many updated translations
- applet: PIN2 unlock not required for normal modem functionality
- applet: fix wireless secrets dialog display
* Wed Mar 17 2010 Dan Williams <dcbw at redhat.com> - 0.8-2.git20100317
- man: many manpage updates
- core: determine classful prefix if non is given via DHCP
- core: ensure /etc/hosts is always up-to-date and correct (rh #569914)
- core: support GSM network and roaming preferences
- applet: startup speed enhancements
- applet: better support for OTP/token-based WiFi connections (rh #526383)
- applet: show GSM and CDMA registration status and signal strength when available
- applet: fix zombie GSM and CDMA devices in the menu
- applet: remove 4-character GSM PIN/PUK code limit
- applet: fix insensitive WiFi Create... button (rh #541163)
- applet: allow unlocking of mobile devices immediately when plugged in
* Fri Feb 19 2010 Dan Williams <dcbw at redhat.com> - 0.8-1.git20100219
- core: update to final 0.8 release
- core: fix Bluetooth DUN connections when secrets are needed
- ifcfg-rh: add helper for initscripts to determine ifcfg connection UUIDs
- applet: fix Bluetooth connection secrets requests
- applet: fix rare conflict with other gnome-bluetooth plugins
* Thu Feb 11 2010 Dan Williams <dcbw at redhat.com> - 0.8-0.4.git20100211
- core: fix mobile broadband PIN handling (rh #543088) (rh #560742)
- core: better handling of /etc/hosts if hostname was already added by the user
- applet: crash less on D-Bus property errors (rh #557007)
- applet: fix crash entering wired 802.1x connection details (rh #556763)
* Tue Feb  9 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 0.8-0.3.git20100129
- core: validate the autostart .desktop file
- build: fix nmcli for the stricter ld (fixes FTBFS)
- build: fix nm-connection-editor for the stricter ld (fixes FTBFS)
- applet: don't autostart in KDE on F13+ (#541353)
* Fri Jan 29 2010 Dan Williams <dcbw at redhat.com> - 0.8-0.2.git20100129
- core: add Bluetooth Dial-Up Networking (DUN) support (rh #136663)
- core: start DHCPv6 on receipt of RA 'otherconf'/'managed' bits
- nmcli: allow enable/disable of WiFi and WWAN
* Fri Jan 22 2010 Dan Williams <dcbw at redhat.com> - 0.8-0.1.git20100122
- ifcfg-rh: read and write DHCPv6 enabled connections (rh #429710)
- nmcli: update
* Thu Jan 21 2010 Dan Williams <dcbw at redhat.com> - 0.7.999-2.git20100120
- core: clean NSS up later to preserve errors from crypto_init()
* Wed Jan 20 2010 Dan Williams <dcbw at redhat.com> - 0.7.999-1.git20100120
- core: support for managed-mode DHCPv6 (rh #429710)
- ifcfg-rh: gracefully handle missing PREFIX/NETMASK
- cli: initial preview of command-line client
- applet: add --help to explain what the applet is (rh #494641)
* Wed Jan  6 2010 Dan Williams <dcbw at redhat.com> - 0.7.998-1.git20100106
- build: fix for new pppd (rh #548520)
- core: add WWAN enable/disable functionality
- ifcfg-rh: IPv6 addressing and routes support (rh #523288)
- ifcfg-rh: ensure connection is updated when route/key files change
- applet: fix crash when active AP isn't found (rh #546901)
- editor: fix crash when editing connections (rh #549579)
* Mon Dec 14 2009 Dan Williams <dcbw at redhat.com> - 0.7.997-2.git20091214
- core: fix recognition of standalone 802.1x private keys
- applet: clean notification text to ensure it passes libnotify validation
* Mon Dec  7 2009 Dan Williams <dcbw at redhat.com> - 0.7.997-1
- core: remove haldaemon from initscript dependencies (rh #542078)
- core: handle PEM certificates without an ending newline (rh #507315)
- core: fix rfkill reporting for ipw2x00 devices
- core: increase PPPoE timeout to 30 seconds
- core: fix re-activating system connections with secrets
- core: fix crash when deleting automatically created wired connections
- core: ensure that a VPN's DNS servers are used when sharing the VPN connection
- ifcfg-rh: support routes files (rh #507307)
- ifcfg-rh: warn when device will be managed due to missing HWADDR (rh #545003)
- ifcfg-rh: interpret DEFROUTE as never-default (rh #528281)
- ifcfg-rh: handle MODE=Auto correctly
- rpm: fix rpmlint errors
- applet: don't crash on various D-Bus and other errors (rh #545011) (rh #542617)
- editor: fix various PolicyKit-related crashes (rh #462944)
- applet+editor: notify user that private keys must be protected
* Fri Nov 13 2009 Dan Williams <dcbw at redhat.com> - 0.7.996-7.git20091113
- nm: better pidfile handing (rh #517362)
- nm: save WiFi and Networking enabled/disabled states across reboot
- nm: fix crash with missing VPN secrets (rh #532084)
- applet: fix system connection usage from the "Connect to hidden..." dialog
- applet: show Bluetooth connections when no other devices are available (rh #532049)
- applet: don't die when autoconfigured connections can't be made (rh #532680)
- applet: allow system administrators to disable the "Create new wireless network..." menu item
- applet: fix missing username connecting to VPNs the second time
- applet: really fix animation stuttering
- editor: fix IP config widget tooltips
- editor: allow unlisted countries in the mobile broadband wizard (rh #530981)
- ifcfg-rh: ignore .rpmnew files (rh #509621)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #585394 - CVE-2010-1172 dbus-glib: property access not validated
        https://bugzilla.redhat.com/show_bug.cgi?id=585394
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update NetworkManager' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list