From the Red Hat bug at $URL: A security flaw was found in the way NetworkManager, a network connections manager, and wpa_supplicant, a WPA/WPA2/IEEE 802.1X supplicant, performed system file paths sanitization for x509v3 certificate and private key files, used for connection to trusted networks. A local attacker, with the privilege to add new network connection, could use this flaw to read arbitrary system files. Red Hat would like to thank Ludwig Nussel of the SUSE security team for reporting this issue.
Is there a patch for this issue somewhere? (I don't see anything immediately obvious in NetworkManager git.)
(In reply to comment #1) > Is there a patch for this issue somewhere? (I don't see anything immediately > obvious in NetworkManager git.) I do not see one anywhere. There is a private Red Hat bug linked, https://bugzilla.redhat.com/show_bug.cgi?id=756419, but I do not what it contains.
Is this bug safe to deadpool? 4 years old.
4 year old bug, since that time, a number of releases. I will consider this dead unless someone has the specifics. closing!