From secunia security advisory at $URL: Description A vulnerability has been reported in Wicd, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to an input sanitisation error within the "SetWiredProperty()" method (wicd-daemon.py) when setting certain properties and can be exploited to execute arbitrary commands. The vulnerability is reported in version 1.7.1. Prior versions may also be affected. Solution Update to version 1.7.2.
Hmm, nls toggle was dropped and the curses gui stopped to work. 1.7.2 looks bad(tm), I'll need a bit to sort things out, sorry. Please stay tuned.
*** Bug 411759 has been marked as a duplicate of this bug. ***
(In reply to comment #1) > Hmm, nls toggle was dropped and the curses gui stopped to work. 1.7.2 looks > bad(tm), I'll need a bit to sort things out, sorry. Please stay tuned. How about make, e.g. 1.7.1_pre20120127-r1 or 1.7.1-r4 that contains the patch for wicd-daemon.py?
1.7.2.1 is in cvs. Happy Fri 13! + 13 Apr 2012; Thomas Kahle <tomka@gentoo.org> +wicd-1.7.2.1.ebuild: + Security bump (bug 411729)
x86, amd64: Please test and stable.
amd64 stable
x86 stable
Thanks, folks. GLSA request filed.
This issue was resolved and addressed in GLSA 201206-08 at http://security.gentoo.org/glsa/glsa-201206-08.xml by GLSA coordinator Sean Amoss (ackle).
