Bug#628730: network-manager-openvpn logs password

May 31st, 2011 - 03:40 pm ET by Thijs Kinkhorst
Package: network-manager-openvpn
Severity: important
Tags: security

Hi,

The following issue has been reported to Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=708876


Password to unlock certificate is logged to /var/log/messages

May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret: destroying ********

Version-Release number of selected component (if applicable):

NetworkManager-openvpn-0.8.999-1.fc15.x86_64



Can you please verify if Debian is affected and if so upload fixed packages?

Please reference CVE-2011-1943 in your changelog entry when you fix this
issue.


Thanks,
Thijs




To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Replies

#1 Michael Biebl
May 31st, 2011 - 04:40 pm ET

reassign 628730 network-manager
found 628730 0.8.999-1
notfound 628730 0.8.9997-1
thanks

On 31.05.2011 22:21, Michael Biebl wrote:

This issue is in network-manager, not network-manager-openvpn,
and this only affects the Fedora package, not the one in Debian.

Fedora ships a snapshot from the upstream f15 git branch, where some debugging
outputs were accidentally left around [1].



Small correction here: the master branch was also affected, i.e. version
0.8.999-1 which was previously uploaded to experimental.
I've already uploaded 0.8.9997-1 a few days ago, so this issue is fixed.



[1]
http://cgit.freedesktop.org/Network...2e63d065f6




Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?






