[USN-3807-1] NetworkManager vulnerability


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

protocol=”application/pgp-signature”;
boundary=”VmU3yINTKUWukFVz0Wxi1Rl6kMYTX6cPc”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–VmU3yINTKUWukFVz0Wxi1Rl6kMYTX6cPc

protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: “ubuntu-security-announce@lists.ubuntu.com”

Message-ID:
Subject: [USN-3807-1] NetworkManager vulnerability

–sAN1HUvkshTQtGH9nnAJ9N5revXJVqli5

Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3807-1
November 05, 2018

network-manager vulnerability
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

NetworkManager could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
– network-manager: Network connection manager

Details:

Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client
incorrectly handled certain DHCPv6 messages. In non-default configuration=
s
where the internal DHCP client is enabled, an attacker on the same networ=
k
could use this issue to cause NetworkManager to crash, resulting in a
denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
network-manager 1.12.4-1ubuntu1.1

Ubuntu 18.04 LTS:
network-manager 1.10.6-2ubuntu1.1

Ubuntu 16.04 LTS:
network-manager 1.2.6-0ubuntu0.16.04.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3807-1
CVE-2018-15688

Package Information:
https://launchpad.net/ubuntu/+source/network-manager/1.12.4-1ubuntu1.1
https://launchpad.net/ubuntu/+source/network-manager/1.10.6-2ubuntu1.1
https://launchpad.net/ubuntu/+source/network-manager/1.2.6-0ubuntu0.16.=
04.3

–sAN1HUvkshTQtGH9nnAJ9N5revXJVqli5–

–VmU3yINTKUWukFVz0Wxi1Rl6kMYTX6cPc

Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlvgXuYACgkQZWnYVadE
vpOwaQ//Sw7hljbrUmZVvCwY6Y66IheknbzrjilpC5s37YN+T5I2PqN6tSNGOfYG
quuAwSA7PgF1YqX11wQryDDZxGzKH/6J3HgyncWg+zV3O6z5fyUKxfOBRQ3iwh64
VGDb3SdOers2ZNXagFAEW5Eqk3mcKAxVwC6TSOtJa0ktQP8SjBq6s9JzGT7YjLTJ
0KxU6r5HE85rF5u1uE6gHE8r/m0aKtsd+1Su1QF3U88XDaAEqabCOT3QAQgQLliI
KOdlt3AbnET1boPjpbtPtWO+OFgzr34ZuhQJ0XGRs9DUbL/+NqKiTxbAvShozfys
6ZDOLUBLc6LPTydzD3C64QfpbJSxhtC5id7GZqh60NHamMgpXAGI7wYQahJ0yfjl
vJKa05Y2OO62Rbqn9QvnbwyE9iur16WjErd17ZyPS1QQIce6JRiZjHn3QRy0Q5jj
9dKdtFyHkoeWP21qempx4GL0zxDlFrzUyp6H0kUaYs8l5lk6c/1AseJSr9XGrCKy
kUrAvwkXYF3Ur4BsVK1Z89Kmg0x1xVrwvGfgNJGYQXlBKyjaT2HlYF+OIm61Szd/
5qYPqxoJZbjpiwOoFYwo8yX3tGqP7xcCOiW06yYiFIfbmCuD7CFy5EQqhVK4g7M3
75onninZlFxjmc+aIXqeqOJlmGvyfYPRoMH952KT++uHsCQ/J+M=
=hlmU
—–END PGP SIGNATURE—–

–VmU3yINTKUWukFVz0Wxi1Rl6kMYTX6cPc–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK