Bug 26713 - networkmanager new security issue CVE-2020-10754
Summary: networkmanager new security issue CVE-2020-10754
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: validated_update
Duplicates: 27829
Depends on:
Blocks: 26673
Reported: 2020-06-01 21:34 CEST by David Walser
Modified: 2020-12-15 17:03 CET

See Also:
Source RPM: networkmanager-1.18.6-1.2.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2020-06-01 21:34:47 CEST
Fedora has issued an advisory today (June 1):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SI4LWYUPI7M6B24ABADK24T77VF65B4A/

The issue is fixed upstream in 1.18.8.
David Walser 2020-06-01 21:35:12 CEST

Status comment: (none) => Fixed upstream in 1.18.8

Comment 1 Lewis Smith 2020-06-02 21:16:12 CEST
Assigning to wally as registered maintainer, CC'ing Olav who also does it.

CC: (none) => olav
Assignee: bugsquad => jani.valimaa

Comment 2 Jani Välimaa 2020-06-05 21:04:27 CEST
Pushed networkmanager-1.18.8-1.mga7 to core/updates_testing.

It also includes fixes for bug 26673.
David Walser 2020-06-06 18:08:49 CEST

Blocks: (none) => 26673

Comment 3 David Walser 2020-06-06 18:19:29 CEST
type: security
subject: Updated networkmanager packages fix security vulnerability
CVE:
 - CVE-2020-10754
src:
  7:
   core:
     - networkmanager-1.18.8-1.mga7
     - networkmanager-applet-1.8.24-1.mga7
     - gnome-control-center-3.32.1-2.2.mga7
     - gnome-shell-3.32.1-2.1.mga7
description: |
  It was found that nmcli, a command line interface to NetworkManager did
  not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when
  creating a new profile. When a user connects to a network using this
  profile, the authentication does not happen and the connection is made
  insecurely (CVE-2020-10754).

  The networkmanager package has been updated to version 1.18.8, fixing
  this issue and other bugs.

  Also, the networkmanager-applet package has been updated to version
  1.8.24. It also adds support for connecting to WPA3 / SAE protected
  wireless networks.

  gnome-control-center and gnome-shell have been fixed to correctly
  identify the connections as WPA3.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=26673
 - https://bugs.mageia.org/show_bug.cgi?id=26713
 - https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/nm-1-18/NEWS
 - https://gitlab.gnome.org/GNOME/network-manager-applet/-/blob/1.8.24/NEWS
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SI4LWYUPI7M6B24ABADK24T77VF65B4A/

Status comment: Fixed upstream in 1.18.8 => (none)
Assignee: jani.valimaa => qa-bugs
CC: (none) => jani.valimaa
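
An added example, not part of the bug report or of NetworkManager's own code: a Python check that reads a connection profile and reports 802.1X settings with no CA trust anchor, which is the state a profile is left in when the `ca-path` setting described in Comment 3 is dropped and no other CA is set. It assumes profiles are stored in NetworkManager's keyfile format; the sample profiles and the function names are constructed for illustration.

```python
import configparser

# Constructed sample profile (keyfile format); not taken from the bug report.
PROFILE_MISSING_CA = """\
[connection]
id=corp-wifi
type=wifi

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=alice
phase2-auth=mschapv2
"""
# Same profile with the CA directory present in the [802-1x] section.
PROFILE_WITH_CA_PATH = PROFILE_MISSING_CA + "ca-path=/etc/pki/corp-ca\n"


def _has_trust_anchor(sec, prefix=""):
    """True if a CA file, a CA directory, or the system CA store is configured."""
    return bool(
        sec.get(prefix + "ca-cert", "").strip()
        or sec.get(prefix + "ca-path", "").strip()
        or sec.get("system-ca-certs", "").strip().lower() == "true"
    )


def audit_keyfile(text):
    """Return findings for one profile; an empty list means nothing to report."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("802-1x"):
        return []  # not an 802.1X profile
    sec = cp["802-1x"]
    name = cp.get("connection", "id", fallback="<unnamed>")
    findings = []
    if not _has_trust_anchor(sec):
        findings.append(f"{name}: no ca-cert, ca-path or system-ca-certs set")
    # The phase2-* CA settings matter when the inner method is itself TLS.
    inner = (sec.get("phase2-auth", "") + ";" + sec.get("phase2-autheap", "")).split(";")
    if "tls" in {m.strip().lower() for m in inner} and not _has_trust_anchor(sec, "phase2-"):
        findings.append(f"{name}: inner TLS without phase2-ca-cert or phase2-ca-path")
    return findings


if __name__ == "__main__":
    for sample in (PROFILE_MISSING_CA, PROFILE_WITH_CA_PATH):
        print(audit_keyfile(sample) or "ok")
```

Profiles created with an affected nmcli keep whatever was written at creation time, so the check is worth running after the package update as well.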

Comment 4 David Walser 2020-06-06 18:21:21 CEST
The networkmanager-applet, gnome-control-center, and gnome-shell stuff were already tested and OK'd in Bug 26673.

For the networkmanager package itself, the full set of RPMs is:
networkmanager-1.18.8-1.mga7
networkmanager-adsl-1.18.8-1.mga7
networkmanager-bluetooth-1.18.8-1.mga7
networkmanager-team-1.18.8-1.mga7
networkmanager-wifi-1.18.8-1.mga7
networkmanager-wwan-1.18.8-1.mga7
networkmanager-ppp-1.18.8-1.mga7
networkmanager-tui-1.18.8-1.mga7
libnm0-1.18.8-1.mga7
libnm-devel-1.18.8-1.mga7
libnm-util2-1.18.8-1.mga7
libnm-gir1.0-1.18.8-1.mga7
libnetworkmanager-gir1.0-1.18.8-1.mga7
libnm-util-devel-1.18.8-1.mga7
libnm-glib4-1.18.8-1.mga7
libnmclient-gir1.0-1.18.8-1.mga7
libnm-glib-devel-1.18.8-1.mga7
libnm-glib-vpn1-1.18.8-1.mga7
libnm-glib-vpn-devel-1.18.8-1.mga7
Comment 5 Brian Rockwell 2020-06-08 03:31:53 CEST
laptop a6 - wifi

Jun 07 20:17:21 localhost drakrpm[17767]: transaction on / (remove=0, install=0, upgrade=50)
Jun 07 20:17:25 localhost [RPM][17767]: install lib64nm-util2-1.18.8-1.mga7.x86_64: success
Jun 07 20:17:26 localhost [RPM][17767]: install lib64nm-glib-vpn1-1.18.8-1.mga7.x86_64: success
Jun 07 20:17:26 localhost [RPM][17767]: install tpm2-tss-2.2.2-1.1.mga7.x86_64: success
Jun 07 20:17:27 localhost [RPM][17767]: install lib64tss2-mu0-2.2.2-1.1.mga7.x86_64: success
Jun 07 20:17:28 localhost [RPM][17767]: install libmbim-utils-1.18.2-1.mga7.x86_64: success
Jun 07 20:17:29 localhost [RPM][17767]: install lib64mbim-glib4-1.18.2-1.mga7.x86_64: success
Jun 07 20:17:29 localhost [RPM][17767]: install mobile-broadband-provider-info-1:1.20190116-1.mga7.noarch: success
Jun 07 20:17:29 localhost [RPM][17767]: install lib64nma0-1.8.24-1.mga7.x86_64: success
Jun 07 20:17:30 localhost [RPM][17767]: install lib64unbound8-1.10.1-1.mga7.x86_64: success
Jun 07 20:17:31 localhost [RPM][17767]: install vpnc-0.5.3-14.mga7.x86_64: success
Jun 07 20:17:34 localhost [RPM][17767]: install unbound-1.10.1-1.mga7.x86_64: success
Jun 07 20:17:34 localhost [RPM][17767]: install lib64qmi-glib5-1.22.2-1.mga7.x86_64: success
Jun 07 20:17:35 localhost [RPM][17767]: install libqmi-utils-1.22.2-1.mga7.x86_64: success
Jun 07 20:17:35 localhost [RPM][17767]: install lib64tss2-sys0-2.2.2-1.1.mga7.x86_64: success
Jun 07 20:17:36 localhost [RPM][17767]: install lib64tss2-tcti-device0-2.2.2-1.1.mga7.x86_64: success
Jun 07 20:17:36 localhost [RPM][17767]: install lib64tss2-tcti-mssim0-2.2.2-1.1.mga7.x86_64: success
Jun 07 20:17:37 localhost [RPM][17767]: install lib64tss2-esys0-2.2.2-1.1.mga7.x86_64: success
Jun 07 20:17:37 localhost [RPM][17767]: install lib64nm-glib4-1.18.8-1.mga7.x86_64: success
Jun 07 20:17:38 localhost [RPM][17767]: install lib64nm-gtk0-1.8.24-1.mga7.x86_64: success
Jun 07 20:17:40 localhost [RPM][17767]: install luit-1.1.1-10.mga7.x86_64: success
Jun 07 20:17:41 localhost [RPM][17767]: install xterm-344-1.mga7.x86_64: success
Jun 07 20:17:41 localhost [RPM][17767]: install lib64mm-glib0-1.10.0-1.mga7.x86_64: success
Jun 07 20:17:42 localhost [RPM][17767]: install lib64tspi1-0.3.14-4.1.mga7.x86_64: success
Jun 07 20:17:43 localhost [RPM][17767]: install lib64openconnect5-8.10-1.mga7.x86_64: success
Jun 07 20:17:44 localhost [RPM][17767]: install openconnect-8.10-1.mga7.x86_64: success
Jun 07 20:17:45 localhost [RPM][17767]: install networkmanager-openconnect-1.2.4-4.mga7.x86_64: success
Jun 07 20:17:46 localhost [RPM][17767]: install lib64expect5.45.4-1:5.45.4-3.mga7.x86_64: success
Jun 07 20:17:47 localhost [RPM][17767]: install expect-1:5.45.4-3.mga7.x86_64: success
Jun 07 20:17:48 localhost [RPM][17767]: install perl-IPC-Signal-1.0.0-13.mga7.noarch: success
Jun 07 20:17:48 localhost [RPM][17767]: install perl-Proc-WaitStat-1.0.0-14.mga7.noarch: success
Jun 07 20:17:48 localhost [RPM][17767]: install perl-Authen-PAM-0.160.0-22.mga7.x86_64: success
Jun 07 20:17:49 localhost [RPM][17767]: install lib64ndp0-1.6-3.mga7.x86_64: success

---

rebooted

Network tools I use are still functional and the system is connecting.

CC: (none) => brtians1

David Walser 2020-06-08 03:37:38 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 6 Thomas Andrews 2020-06-08 04:08:29 CEST
Installed and set up network manager on a 64-bit Plasma install with both wired and wifi connections. Was able to switch back and forth with no problems.

Using qarepo, I updated the packages from this bug, plus the additional packages from Bugs 26673 and 26674. All packages updated cleanly. Rebooted to make sure the new network manager was being used, and once again connections were stable and I was able to switch back and forth.

Looks OK here. Validating. Advisory information in Comment 3 and, I guess, Comment 4.
Thomas Andrews 2020-06-08 04:08:52 CEST

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 7 Mageia Robot 2020-06-15 09:55:56 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0260.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 8 David Walser 2020-12-15 17:03:54 CET
*** Bug 27829 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu
