It was reported [1],[2] that wicd suffered from a local privilege escalation flaw due to incomplete input sanitization. A local attacker could use this to inject arbitrary code through the DBus interface. This has been corrected upstream [3] in the 1.7.2 release [4]. [1] http://seclists.org/fulldisclosure/2012/Apr/123 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397 [3] http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751 [4] https://launchpad.net/wicd/+announcement/9888
Created wicd tracking bugs for this issue Affects: fedora-all [bug 811763] Affects: epel-6 [bug 811764]
wicd-1.7.2.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
wicd-1.7.0-12.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
wicd-1.7.0-13.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
wicd-1.7.0-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.