Bug 820166

Summary: Fix for CVE-2012-2095 invalidates all templates that use 'ca_cert', 'password' and other fields.
Product: [Fedora] Fedora Reporter: Johann Bauer <ivbauer>
Component: wicdAssignee: David Cantrell <dcantrell>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 16CC: dcantrell, jlieskov
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard:
Fixed In Version: wicd-1.7.0-15.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 15:50:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Johann Bauer 2012-05-09 10:09:31 UTC 
Hi,

this (upstream) bug renders wicd unusable for certain encryption settings.

Sorry for not adhering to the usual reporting procedure, but this bug seems to have been reported to upstream and solved in version 1.7.2.2 already, for the details please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669388 .

Kind regards,
Johann
Comment 1 Jan Lieskovsky 2012-05-09 12:43:26 UTC 
David,

  can you confirm the Johann's patch proposal would correct this regression?
If so, original Fedora's CVE-2012-2095 wicd bug can be moved to NEW state again to submit the updates (to correct this regression).

Would you need anything else from us due this, let us know.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 2 David Cantrell 2012-08-02 17:28:37 UTC 
Sorry for the delay.  Yes, this is a valid problem.  I have an updated patch to fix CVE-2012-2095 for all use cases.  This needs to be fixed in the F-16 and F-17 packages.
Comment 3 David Cantrell 2012-08-02 17:37:04 UTC 
I have built wicd-1.7.0-14.fc16 and wicd-1.7.2.1-3.fc17 to fix this problem in F-16 and F-17, respectively.  If someone wants to update the existing CVE-2012-2095 security update or issue a new one, feel free.  Otherwise I will wait for bug #811763 to go back to NEW and handle it there.
Comment 4 Fedora Update System 2012-10-23 14:11:25 UTC 
wicd-1.7.0-15.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/wicd-1.7.0-15.fc16
Comment 5 Fedora Update System 2012-10-24 02:49:21 UTC 
Package wicd-1.7.0-15.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing wicd-1.7.0-15.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16757/wicd-1.7.0-15.fc16
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2012-12-20 15:50:20 UTC 
wicd-1.7.0-15.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.