Ubuntu Security Notice USN-2581-1
28th April, 2015
network-manager vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu (vivid)
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary
NetworkManager would allow unintended access to files and modem device
configuration.
Software description
- network-manager
– Network connection manager
Details
Tavis Ormandy discovered that NetworkManager incorrectly filtered paths
when requested to read modem device contexts. A local attacker could
possibly use this issue to bypass privileges and manipulate modem device
configuration or read arbitrary files.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu (vivid):
-
network-manager
0.9.10.0-4ubuntu15.1
- Ubuntu 14.10:
-
network-manager
0.9.8.8-0ubuntu28.1
- Ubuntu 14.04 LTS:
-
network-manager
0.9.8.8-0ubuntu7.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.