Headline
Debian Security Advisory 5416-1
Debian Linux Security Advisory 5416-1 - It was discovered that there was a potential buffer overflow and denial of service vulnerability in the gdhcp client implementation of connman, a command-line network manager designed for use on embedded devices.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5416-1 [email protected]://www.debian.org/security/ Aron XuMay 31, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : connmanCVE ID : CVE-2023-28488Debian Bug : 1034393It was discovered that there was a potential buffer overflow and denialof service vulnerabilty in the gdhcp client implementation of connman, acommand-line network manager designed for use on embedded devices.For the stable distribution (bullseye), this problem has been fixed inversion 1.36-2.2+deb11u2.We recommend that you upgrade your connman packages.For the detailed security status of connman please refer toits security tracker page at:https://security-tracker.debian.org/tracker/connmanFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmR2MiEACgkQO1LKKgqv2VQR/QgApr1QeIQIfrW7WfJYD0C0xVXhLuO2X1D2yxgUjHIEChpaWu7ogcOh3dBNQkZAWmsWqFs/TnCdrltt8txJHfBz/PYkzPjwBN/CHZjW2t7HxCZqmA3tnuHGtzotJRQD5G2d1W5ycJUL88ZWar0GKn98nwdsxTCRy8mi157Gy588pTrQbS+P9HtTK0I0eUysoupKoEb2HGgn6nlpQJoRWqJnqkv7FmB6jOecP4ivAnmjwiciwMztIvggsJ+yjYns6BXLzNQyU5T0ch2a2Mduddm4iR9Ax7KV8fv8+UIEEzwp+2tCKctV/yAmQodgK3LJsgIkoFMJBMjevuozcp8o6QNbZw=åQs-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.