A race condition that could disclose connection secrets to authenticated local users when changing ifcfg and keyfile connections was found.
Created NetworkManager tracking bugs for this issue:
Affects: fedora-all [bug 1324027]
Fix from upstream: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f
rhel-5 version 0.7.0 unaffected: the vulnerable behaviour was introduced between 0.7.1 and 0.7.2.
From upstream description of the flaw:
> could enable an unprivileged authenticated local user to read connection
> secrets while the connection is being saved.
The opportunity and impact of this vulnerability is very low, so tagging WONTFIX for rhel-6.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2581 https://rhn.redhat.com/errata/RHSA-2016-2581.html