MGASA-2020-0260
- Source
- https://advisories.mageia.org/MGASA-2020-0260.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0260.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2020-0260
- Related
- Published
- 2020-06-15T07:54:40Z
- Modified
- 2020-06-15T07:08:53Z
- Summary
- Updated networkmanager packages fix security vulnerability
- Details
-
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely (CVE-2020-10754).
The networkmanager package has been updated to version 1.18.8, fixing this issue and other bugs.
Also, the networkmanager-applet package has been updated to version 1.8.24. It also adds support for connecting to WPA3 / SAE protected wireless networks.
gnome-control-center and gnome-shell have been fixed to correctly identify the connections as WPA3.
- References
-
- https://advisories.mageia.org/MGASA-2020-0260.html
- https://bugs.mageia.org/show_bug.cgi?id=26713
- https://bugs.mageia.org/show_bug.cgi?id=26673
- https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/nm-1-18/NEWS
- https://gitlab.gnome.org/GNOME/network-manager-applet/-/blob/1.8.24/NEWS
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SI4LWYUPI7M6B24ABADK24T77VF65B4A/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / networkmanager
Package
- Name
- networkmanager
- Purl
- pkg:rpm/mageia/networkmanager?distro=mageia-7
Mageia:7 / networkmanager-applet
Package
- Name
- networkmanager-applet
- Purl
- pkg:rpm/mageia/networkmanager-applet?distro=mageia-7
Mageia:7 / gnome-control-center
Package
- Name
- gnome-control-center
- Purl
- pkg:rpm/mageia/gnome-control-center?distro=mageia-7
Mageia:7 / gnome-shell
Package
- Name
- gnome-shell
- Purl
- pkg:rpm/mageia/gnome-shell?distro=mageia-7