A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem.
|Package||gnome-extra/nm-applet on all architectures|
|Affected versions||< 1.4.6-r1|
|Unaffected versions||>= 1.4.6-r1|
GNOME applet for NetworkManager is a GTK+ 3 front-end which works under Xorg environments with a systray.
Frederic Bardy and Quentin Biguenet discovered that GNOME applet for NetworkManager incorrectly checked permissions when connecting to certain wireless networks.
A local attacker could bypass security restrictions at the login screen to access local files.
There is no known workaround at this time.
All GNOME applet for NetworkManager users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=gnome-extra/nm-applet-1.4.6-r1"
July 08, 2017
August 06, 2017: 2