Joined: 12 May 2004
|Posted: Wed Jul 12, 2017 11:26 am Post subject: [ GLSA 201707-09 ] GNOME applet for NetworkManager
|Gentoo Linux Security Advisory
Title: GNOME applet for NetworkManager: Arbitrary file read/write (GLSA 201707-09)
A vulnerability has been found in GNOME applet for NetworkManager
allowing local attackers to access the local filesystem.
GNOME applet for NetworkManager is a GTK+ 3 front-end which works under
Xorg environments with a systray.
Vulnerable: < 1.4.6-r1
Unaffected: >= 1.4.6-r1
Architectures: All supported architectures
Frederic Bardy and Quentin Biguenet discovered that GNOME applet for
NetworkManager incorrectly checked permissions when connecting to certain
A local attacker could bypass security restrictions at the login screen
to access local files.
There is no known workaround at this time.
All GNOME applet for NetworkManager users should upgrade to the latest
|# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/nm-applet-1.4.6-r1"
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 2 times in total