Ubuntu Security Notice USN-6236-1

==========================================================================Ubuntu Security Notice USN-6236-1July 19, 2023connman vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in ConnMan.Software Description:- connman: Intel Connection Manager daemonDetails:It was discovered that ConnMan could be made to write out of bounds. Aremote attacker could possibly use this issue to cause ConnMan to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.(CVE-2021-26675, CVE-2021-33833)It was discovered that ConnMan could be made to leak sensitive informationvia the gdhcp component. A remote attacker could possibly use this issueto obtain information for further exploitation. This issue only affectedUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676)It was discovered that ConnMan could be made to read out of bounds. Aremote attacker could possibly use this issue to case ConnMan to crash,resulting in a denial of service. This issue only affected Ubuntu 16.04LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.(CVE-2022-23096, CVE-2022-23097)It was discovered that ConnMan could be made to run into an infinite loop.A remote attacker could possibly use this issue to cause ConnMan toconsume resources and to stop operating, resulting in a denial of service.This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098)It was discovered that ConnMan could be made to write out of bounds viathe gweb component. A remote attacker could possibly use this issue tocause ConnMan to crash, resulting in a denial of service, or possiblyexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292)It was discovered that ConnMan did not properly manage memory undercertain circumstances. A remote attacker could possibly use this issue tocause ConnMan to crash, resulting in a denial of service, or possiblyexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293)It was discovered that ConnMan could be made to write out of bounds viathe gdhcp component. A remote attacker could possibly use this issue tocause ConnMan to crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2023-28488)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   connman                         1.41-2ubuntu0.23.04.1Ubuntu 22.04 LTS:   connman                         1.36-2.3ubuntu0.1Ubuntu 20.04 LTS:   connman                         1.36-2ubuntu0.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):   connman                         1.35-6ubuntu0.1~esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):   connman                         1.21-1.2+deb8u1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6236-1   CVE-2021-26675, CVE-2021-26676, CVE-2021-33833, CVE-2022-23096,   CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293,   CVE-2023-28488Package Information:https://launchpad.net/ubuntu/+source/connman/1.41-2ubuntu0.23.04.1   https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1   https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1