Opened 4 years ago

Closed 4 years ago

#9231 closed enhancement (fixed)

NetworkManager network-manager-applet 1.8.0 (CVE-2017-6590)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor versions.

I'll take this one, and put it on my ThinkPad. This'll include support for Mobile Broadband too thanks to the new 4G LTE card that I have purchased and will install tomorrow.

Change History (6)

comment:1 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: newassigned

Taking these.

I'll get to at least gtk+-3.22.14 tomorrow, as well as at-spi2-*.

comment:2 by bdubbs@…, 4 years ago

Milestone: 8.1m8.1

Milestone renamed

comment:3 by bdubbs@…, 4 years ago

Milestone: m8.18.1

Milestone renamed

comment:4 by Douglas R. Reno, 4 years ago

NetworkManager:

============================================
NetworkManager-1.8
Overview of changes since NetworkManager-1.6
============================================

This is a new stable release of NetworkManager.  Notable changes include:

* Default routes set by devices that failed connectivity checks are now
    penalized with a higher metric
* nmcli is now able to produce output more friendly for machine parsing
* The slaves available at the time a master connection is activated are
    enslaved in a stable order, making the automatic MAC address for Bonding
    devices more predictable.
* Hostname management is now more flexibly configured
* Support for additional route options (pref-src, src, tos, window, cwnd,
    initcwnd, initrwnd, mtu, lock-window, lock-cwnd, lock-initcwnd, lock-initrwnd,
    and lock-mtu).
* Fixed detection of EAP-FAST support in wpa_supplicant
* Support for handling PINs for PKCS#11 tokens as secrets
* GSM and CDMA connections now have a MTU property
* An option to disable selected TLS versions during EAP phase 1 authentication
* The 802.1x authentication timeout is now configurable to allow a faster
    fallback to other connections
* Persist managed state of device until reboot. This improves seamless take over
    of a previously managed device after restart of NetworkManager.
* Better handle devices that are externally managed by somebody else by
    consistently generating an in-memory connection to reflect the external
    state.
* Expose SRIOV capability of a device on D-Bus and support configuring the
    number of virtual functions via NetworkManager.conf.
* Support matching networking devices via new "driver:" device spec in
    NetworkManager.conf.
* Introduced support for creating and managing dummy links
* The teaming devices now support setting a hardcoded MAC address
* Settings of bonding devices can now be modified on-the-fly, without the
    need to reactivate a connection
* The failures to activate a connection now communicate better error
    responses to nmcli
* Dropped dependency on libgudev
* Reverse Path filtering is now disabled in multihoming configurations where
    it would interfere with legitimate network traffic
* libcurl is used instead of libsoup for connectivity checking, resulting in
    a smaller dependency footprint
* With DNS mode "rc-manager=symlink", don't write /etc/resolv.conf as
    a symlink if it already exists as a regular file.
* Support attaching user-data in form of key-value pairs to connection profiles.
* Fix accpeting fully qualified name for ipv4.dhcp-hostname setting.
* Make NetworkManager more forgiving to failure to change the MAC address during
    scanning.
* Many bug fixes and improvements

comment:5 by Douglas R. Reno, 4 years ago

Priority: normalhigh
Summary: NetworkManager network-manager-applet 1.8.0NetworkManager network-manager-applet 1.8.0 (CVE-2017-6590)

network-manager-applet

======================================================
network-manager-applet-1.8
Overview of changes since network-manager-applet-1.4.6
======================================================

This is a new stable release of network-manager-applet.  Notable changes include:

* Warn editor users if certificates have wrong SELinux labels
* Added a PKCS#11 capable certificate chooser to EAP-TLS
* Request Wi-Fi scan when showing the menu and update the scan
    result list dynamically.
* Prevent the use from opening a file open dialog if they don't have
    permission to edit connections (e.g. in the login manager session)
    (CVE-2017-6590)
* Fix broken libnma's pygobject library
* Add version macros to libnma.

Security flaw: CVE-2017-6590

comment:6 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r18764

Note: See TracTickets for help on using tickets.