Bug 820166 - Fix for CVE-2012-2095 invalidates all templates that use 'ca_cert', 'password' and other fields.
Fix for CVE-2012-2095 invalidates all templates that use 'ca_cert', 'password...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: wicd (Show other bugs)
16
i686 Unspecified
unspecified Severity high
: ---
: ---
Assigned To: David Cantrell
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-09 06:09 EDT by Johann Bauer
Modified: 2012-12-20 10:50 EST (History)
2 users (show)

See Also:
Fixed In Version: wicd-1.7.0-15.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-20 10:50:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Johann Bauer 2012-05-09 06:09:31 EDT
Hi,

this (upstream) bug renders wicd unusable for certain encryption settings.

Sorry for not adhering to the usual reporting procedure, but this bug seems to have been reported to upstream and solved in version 1.7.2.2 already, for the details please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669388 .

Kind regards,
Johann
Comment 1 Jan Lieskovsky 2012-05-09 08:43:26 EDT
David,

  can you confirm the Johann's patch proposal would correct this regression?
If so, original Fedora's CVE-2012-2095 wicd bug can be moved to NEW state again to submit the updates (to correct this regression).

Would you need anything else from us due this, let us know.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 2 David Cantrell 2012-08-02 13:28:37 EDT
Sorry for the delay.  Yes, this is a valid problem.  I have an updated patch to fix CVE-2012-2095 for all use cases.  This needs to be fixed in the F-16 and F-17 packages.
Comment 3 David Cantrell 2012-08-02 13:37:04 EDT
I have built wicd-1.7.0-14.fc16 and wicd-1.7.2.1-3.fc17 to fix this problem in F-16 and F-17, respectively.  If someone wants to update the existing CVE-2012-2095 security update or issue a new one, feel free.  Otherwise I will wait for bug #811763 to go back to NEW and handle it there.
Comment 4 Fedora Update System 2012-10-23 10:11:25 EDT
wicd-1.7.0-15.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/wicd-1.7.0-15.fc16
Comment 5 Fedora Update System 2012-10-23 22:49:21 EDT
Package wicd-1.7.0-15.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing wicd-1.7.0-15.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16757/wicd-1.7.0-15.fc16
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2012-12-20 10:50:20 EST
wicd-1.7.0-15.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.