[Desktop-packages] [Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication

Launchpad Bug Tracker Mon, 13 May 2019 07:31:05 -0700

This bug was fixed in the package network-manager - 1.10.14-0ubuntu2

---------------
network-manager (1.10.14-0ubuntu2) bionic; urgency=medium


  [ Till Kamppeter ]
  * debian/tests/nm: Add gi.require_version() calls for NetworkManager
    and NMClient to avoid stderr output which fails the test.

  [ Iain Lane ]
  * debian/tests/control: The nm tests need dnsmasq-base and isc-dhcp-client
    too.

network-manager (1.10.14-0ubuntu1) bionic; urgency=medium

  * New stable version (LP: #1809132), including:
    - Support private keys encrypted with AES-{192,256}-CBC in libnm
      (LP: #942856)
    - Fix leak of DNS queries to local name servers when connecting to a
      full-tunnel VPN (CVE-2018-1000135) (LP: #1754671)
  * Dropped patch applied upstream:
    - debian/patches/CVE-2018-15688.patch
    - debian/patches/e91f1a7d2a6b8400b6b331d5b72287dcb5164a39.patch
  * Refreshed patches:
    - debian/patches/Don-t-make-NetworkManager-D-Bus-activatable.patch
    - debian/patches/Force-online-state-with-unmanaged-devices.patch
    - debian/patches/Read-system-connections-from-run.patch
    - debian/patches/Update-dnsmasq-parameters.patch
    - 
debian/patches/libnm-register-empty-NMClient-and-NetworkManager-when-loa.patch

 -- Till Kamppeter <till.kamppe...@gmail.com>  Fri, 10 May 2019 13:34:00
+0200

** Changed in: network-manager (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000135

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15688

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/942856

Title:
  NetworkManager does not support AES-encrypted private keys for WPA
  802.1x authentication

Status in NetworkManager:
  Confirmed
Status in network-manager package in Ubuntu:
  Fix Released
Status in network-manager source package in Bionic:
  Fix Released

Bug description:
  * Impact

  Selecting AES-{192,256}-CBC keys to connect isn't working

  * Test case

  1. Start with a working (cleartext or DES-3) private key/cert for a network.  
Set up a connection and verify that everything works.
  2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in 
working-key.pem -out aes-key.pem -aes256" (the output should have a line 
starting with "DEK-Info: AES-256-CBC,")
  3. Delete the settings for the test network and attempt to reconnect using 
the new key. 

  That should work

  * Regression potential

  That's new code for an extra type of keys, it shouldn't impact
  existing options

  --------------

  NetworkManager does not appear to support private keys encrypted with
  AES.  At the very least, it will not validate such a key in nm-util
  when setting up a WPA 802.1x TLS wifi connection.

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication

Reply via email to