Patched package uploaded.

Advisory:
========================

Updated wicd package fixes security vulnerability:

wicd prior to 1.7.2 suffered from a local privilege escalation flaw due to incomplete input sanitization. A local attacker could use this to inject arbitrary code through the DBus interface (CVE-2012-2095).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2095
https://bugzilla.redhat.com/show_bug.cgi?id=811762
========================

Updated packages in core/updates_testing:
========================
wicd-1.7.0-4.1.mga1

from wicd-1.7.0-4.1.mga1.src.rpm

Created attachment 2107: wicd.log

Not clear what else needs to be installed or configured to allow the wicd daemon to run.
CC: (none) => misc
CC: (none) => fundawang
I got these links from Florian, who has used this before (not with much success, but at least he got it to run), hope it helps:
https://help.ubuntu.com/community/WICD
https://wiki.archlinux.org/index.php/Wicd

He also mentioned you may need to do "service wicd start"

Created attachment 2261: wicd.log

I've removed networkmanager, and rebooted, but service wicd start still fails to start with the same error. Something is very broken in this update, or there is some missing requires, in my opinion. Most of the info in those links is about how to get it working in a desktop environment, but it is not possible to get it to work in a wm if the service will not start.
Does the version in core/release start?
(In reply to comment #4)
> Does the version in core/release start?

I'll check that in a few minutes. I've found https://bugs.launchpad.net/wicd/+bug/602825/comments/37 that discusses a fix for the incompatibility between wicd and python2.7 that seems to be missing from this build.
CC: (none) => davidwhodgins
Core Release version has the same problem.
(In reply to comment #6)
> Core Release version has the same problem.

OK, good. Thanks for that other link, I'll look into that when I get a chance. RedHat has an additional patch or two in their package that may be of use also. The CVE patch is to the code that reads the configuration, which is where it looks like the errors you reported are coming from, so I just wanted to make sure it wasn't caused by the patch.

If you get a chance some time, could you try it on Cauldron? I'm guessing it will have to be fixed as well.

Created attachment 2277: wicd.log on cauldron

Problem confirmed on cauldron as well. I guess that makes this a very low priority bug, as the lack of bug reports indicates no-one is using it. Given that it conflicts with both of the drak network tools, and network manager, perhaps the package should just be dropped.

(In reply to comment #8)
> Created attachment 2277
> wicd.log on cauldron
>
> Problem confirmed on cauldron as well.

Thanks.

> I guess that makes this a very low priority bug, as the lack of bug
> reports indicates no-one is using it.

Indeed. Florian said he had tried it in the past and it ate his network configuration :o)

> Given that it conflicts with both of the drak network tools, and network
> manager, perhaps the package should just be dropped.

No argument from me! Feel free to propose that on the -dev list. Otherwise I'll try to fix it when I have time to (it's gonna be a really busy next few weeks).

CC: (none) => qa-bugs
Depends on: (none) => 5926
Assignee: qa-bugs => bugsquad
If we ever decide to fix this, there's also CVE-2012-0813, which was fixed upstream in 1.7.1. http://lwn.net/Vulnerabilities/482177/
URL: (none) => http://lwn.net/Vulnerabilities/482177/
Summary: wicd new security issue CVE-2012-2095 => wicd new security issue CVE-2012-2095 and CVE-2012-0813

This message is a reminder that Mageia 1 is nearing its end of life. In approximately 25 days from now, Mageia will stop maintaining and issuing updates for Mageia 1. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '1'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 1's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 1 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete.

--
Mageia Bugsquad

Mageia 1 changed to end-of-life (EOL) status on 1st December. Mageia 1 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Mageia, please feel free to click on "Version", change it against that version of Mageia, and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
Mageia Bugsquad

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX