A race condition that could disclose connection secrets to authenticated local users when changing ifcfg and keyfile connections was found. External Reference: https://mail.gnome.org/archives/networkmanager-list/2016-April/msg00000.html
Created NetworkManager tracking bugs for this issue: Affects: fedora-all [bug 1324027]
Fix from upstream: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f
rhel-5 version 0.7.0 unaffected: the vulnerable behaviour was introduced between 0.7.1 and 0.7.2.
From upstream description of the flaw: > could enable an unprivileged authenticated local user to read connection > secrets while the connection is being saved. The opportunity and impact of this vulnerability is very low, so tagging WONTFIX for rhel-6.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2581 https://rhn.redhat.com/errata/RHSA-2016-2581.html