=========================================================== Ubuntu Security Notice USN-883-1 January 13, 2010 network-manager-applet vulnerabilities CVE-2009-4144, CVE-2009-4145 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.3 Ubuntu 9.04: network-manager-gnome 0.7.1~rc4.1-0ubuntu2.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. (CVE-2009-4144) It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users' network connection passwords and pre-shared keys. (CVE-2009-4145)