[bluewhite64-security] wicd (BW64SA:20090210-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[bluewhite64-security] wicd (BW64SA:20090210-01)

New wicd packages are available for Bluewhite64 12.2 and -current to fix a
security issue with the D-Bus configuration file that could allow local
information disclosure (such as network credentials).

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489

Here are the details from the Bluewhite64 12.2 ChangeLog:
+--------------------------+
PATCHES/packages/wicd-1.5.9-noarch-1.tgz: Upgraded to wicd-1.5.9.
This fixes a security problem with the D-Bus configuration file that allows
local users to intercept D-Bus messages, possibly including wireless network
credentials. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489
[*** Security fix ***]
+--------------------------+


Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://bluewhite64.com for additional
mirror sites near you.

Updated package for Bluewhite64 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/wicd-1.5.9-noarch-1.tgz

Updated package for Bluewhite64 -current:
http://data.bluewhite64.com/bluewhite64-current/extra/wicd/wicd-1.5.9-noarch-1.tgz


MD5 signatures:
+-------------+
Bluewhite64 12.2 package:
0f90693aa2c0c042d021633c4cbb9e75 wicd-1.5.9-noarch-1.tgz

Bluewhite64 -current package:
0f90693aa2c0c042d021633c4cbb9e75 wicd-1.5.9-noarch-1.tgz



Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg wicd-1.5.9-noarch-1.tgz

Reload D-Bus:
# /etc/rc.d/rc.messagebus reload

Restart wicd:
# /etc/rc.d/rc.wicd restart

Finally, restart any stopped instances of wicd-client as the normal user(s).

Alternate approach: Upgrade the wicd package and reboot.



+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key

security©bluewhite64.com


+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmR9skACgkQpTOsxuDdlY7/PACfYtefQAhlIgQDO/0Y+sY926g9
PzQAn01A/mZbvQA5k3Mtapcqe0smuJBG
=wGYO
-----END PGP SIGNATURE-----