Update to 1.2.6 to fix a local authenticated privilege escalation bug (CVE-2018-10900).

The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-eb5ea0abaf

This update has been submitted for testing by lkundrak.

4 years ago

This update has been pushed to testing.

4 years ago
User Icon robbinespu commented & provided feedback 4 years ago
karma

work

This update has been submitted for batched by bodhi.

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

lkundrak edited this update.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1603287 NetworkManager-vpnc: FTBFS in Fedora rawhide
0
0
BZ#1605919 CVE-2018-10900 NetworkManager-vpnc: privilege escalation allows to execute arbitrary commands as root
0
0
BZ#1605921 CVE-2018-10900 NetworkManager-vpnc: privilege escalation allows to execute arbitrary commands as root [fedora-all]
0
0

Automated Test Results