Advisories ยป MGASA-2020-0260

Updated networkmanager packages fix security vulnerability

Publication date: 15 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10754

Description

It was found that nmcli, a command line interface to NetworkManager did
not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when
creating a new profile. When a user connects to a network using this
profile, the authentication does not happen and the connection is made
insecurely (CVE-2020-10754).

The networkmanager package has been updated to version 1.18.8, fixing
this issue and other bugs.

Also, the networkmanager-applet package has been updated to version
1.8.24. It also adds support for connecting to WPA3 / SAE protected
wireless networks.

gnome-control-center and gnome-shell have been fixed to correctly
identify the connections as WPA3.
                

References

SRPMS

7/core