NetworkManager-applet-1.24.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10603 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z NetworkManager-applet-1.24.0-1.2 on GA media These are all security issues fixed in the NetworkManager-applet-1.24.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10603 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10603 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-6590/ SUSE CVE CVE-2017-6590 page openSUSE Tumbleweed NetworkManager-applet-1.24.0-1.2 NetworkManager-applet-lang-1.24.0-1.2 NetworkManager-connection-editor-1.24.0-1.2 NetworkManager-applet-1.24.0-1.2 as a component of openSUSE Tumbleweed NetworkManager-applet-lang-1.24.0-1.2 as a component of openSUSE Tumbleweed NetworkManager-connection-editor-1.24.0-1.2 as a component of openSUSE Tumbleweed An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries. CVE-2017-6590 openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2 openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2 openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6590.html CVE-2017-6590 https://bugzilla.suse.com/1028792 SUSE Bug 1028792