1.175. NetworkManager

Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.

Security Fix

CVE-2011-2176
It was found that NetworkManager did not properly enforce PolicyKit settings controlling the permissions to configure wireless network sharing. A local, unprivileged user could use this flaw to bypass intended PolicyKit restrictions, allowing them to enable wireless network sharing.
Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ("service NetworkManager restart") for this update to take effect.
Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files.

Security Fix

CVE-2011-3364
An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially-crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections.
Red Hat would like to thank Matt McCutchen for reporting this issue.
Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ("service NetworkManager restart") for this update to take effect.
Updated NetworkManager packages that fix a number of bugs and add some enhancements are now available.
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. It manages Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services.
Bug Fixes
BZ#584271
After Wireless was disabled in NetworkManager, a suspend and resume operation caused the wireless connection to become enabled automatically. This is now fixed to preserve the user set wireless state even after an rfkill operation (suspend and resume).
BZ#589230
Translations had assorted inconsistencies, including invalid characters as part of the network-manager-applet (languages: as, te, pa, gu, mr, fr, es, bn_IN) and NetworkManager (languages: bn_IN, es, fr, ja, mr). These are now fixed to display the correct translated strings.
BZ#608663
Due to a type truncation problem on 64-bit PPC systems, correctly configured connections was not displayed in connection editor. This is now fixed and connections are properly shown in the editor on all platforms as expected.
BZ#626337
Unprivileged users could change the status of the wireless connection and WWAN. This is now fixed to display a "not authorized" error for any unauthorized users attempting to change the wireless status.
BZ#627649
NetworkManager would insert warning messages in the /var/log/messages log file due to the hostname operation. This is now fixed to ensure no unnecessary warnings display during the hostname operation.
BZ#633501
Occasionally, the NetworkManager panel applet would not be able to determine user permissions to enable networking and therefore disabled the "Enable Networking" and "Enable Wireless" check boxes. This is now fixed to ensure that if the user has permissions to enable networking, the check boxes display as expected.
BZ#636877
Roaming between WPA/WPA2 access points in the same SSID attached to the same wireless LAN controller resulted in an unexpected re-authentication requirement. This is now fixed so that the SSID is preserved to be used again after a legitimate roaming disconnection event.
BZ#666078
Configurations that used multiple network devices where one device was an iSCSI adapter that should not have the default route were incorrectly handled. This is now fixed to ensure that iSCSI devices that are denied the default route do not receive it. (BZ665027)
* IPv6 static addressing configurations were unable to correctly save the gateway address. This is now fixed to ensure that the gateway address now saves the first configured IPv6 address.
BZ#668830
NetworkManager used to update /etc/hosts file, which could cause problems in some configurations. This is now fixed and NetworkManager does not modify /etc/hosts, leaving it for the administrator to set up.
BZ#692578
NetworkManager saved the WPA/WPA2 password despite selecting the "Ask for this password every time" option and presented a password field with some text when prompting the user to enter a new WPA/WPA2 connection password. This is fixed so that NetworkManager does not store passwords when "Ask for this password every time" is selected and displays an empty password field when prompting the user for the password.
Enhancements
BZ#634152
IPv6 information such as the IP Address and DNS servers now displays in the connection information.
BZ#662730
DHCP lease change events now trigger dispatcher scripts at the /etc/NetworkManager/dispatcher.d location.
Users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.