SUSE-SU-2012:0283-1: moderate: Security update for NetworkManager
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Sat Feb 18 05:08:14 MST 2012
SUSE Security Update: Security update for NetworkManager
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0283-1
Rating: moderate
References: #574266
Cross-References: CVE-2006-7246
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
NetworkManager did not pin a certificate's subject to an
ESSID. A rogue access point could therefore be used to
conduct MITM attacks by using any other valid certificate
issued by same CA as used in the original network
(CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need
to be deleted and re-created to take advantage of the new
security checks.
Security Issue reference:
* CVE-2006-7246
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7246
>
Special Instructions and Notes:
Please reboot the system after installing this update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
NetworkManager-0.6.6-0.21.5
NetworkManager-devel-0.6.6-0.21.5
NetworkManager-glib-0.6.6-0.21.5
NetworkManager-gnome-0.6.6-0.21.5
wpa_supplicant-0.4.8-14.29.5
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
NetworkManager-0.6.6-0.21.5
NetworkManager-devel-0.6.6-0.21.5
NetworkManager-glib-0.6.6-0.21.5
NetworkManager-gnome-0.6.6-0.21.5
wpa_supplicant-0.4.8-14.29.5
References:
http://support.novell.com/security/cve/CVE-2006-7246.html
https://bugzilla.novell.com/574266
http://download.novell.com/patch/finder/?keywords=3ae188b8ee6ea152ca6d4acbf24ee30e
More information about the sle-security-updates
mailing list