==========================================================================
Ubuntu Security Notice USN-3807-1
November 05, 2018
network-manager vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
NetworkManager could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
– network-manager: Network connection manager
Details:
Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client
incorrectly handled certain DHCPv6 messages. In non-default configurations
where the internal DHCP client is enabled, an attacker on the same network
could use this issue to cause NetworkManager to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
network-manager 1.12.4-1ubuntu1.1
Ubuntu 18.04 LTS:
network-manager 1.10.6-2ubuntu1.1
Ubuntu 16.04 LTS:
network-manager 1.2.6-0ubuntu0.16.04.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3807-1
CVE-2018-15688
Package Information:
https://launchpad.net/ubuntu/+source/network-manager/1.12.4-1ubuntu1.1
https://launchpad.net/ubuntu/+source/network-manager/1.10.6-2ubuntu1.1
https://launchpad.net/ubuntu/+source/network-manager/1.2.6-0ubuntu0.16.04.3
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlvgXuYACgkQZWnYVadE
vpOwaQ//Sw7hljbrUmZVvCwY6Y66IheknbzrjilpC5s37YN+T5I2PqN6tSNGOfYG
quuAwSA7PgF1YqX11wQryDDZxGzKH/6J3HgyncWg+zV3O6z5fyUKxfOBRQ3iwh64
VGDb3SdOers2ZNXagFAEW5Eqk3mcKAxVwC6TSOtJa0ktQP8SjBq6s9JzGT7YjLTJ
0KxU6r5HE85rF5u1uE6gHE8r/m0aKtsd+1Su1QF3U88XDaAEqabCOT3QAQgQLliI
KOdlt3AbnET1boPjpbtPtWO+OFgzr34ZuhQJ0XGRs9DUbL/+NqKiTxbAvShozfys
6ZDOLUBLc6LPTydzD3C64QfpbJSxhtC5id7GZqh60NHamMgpXAGI7wYQahJ0yfjl
vJKa05Y2OO62Rbqn9QvnbwyE9iur16WjErd17ZyPS1QQIce6JRiZjHn3QRy0Q5jj
9dKdtFyHkoeWP21qempx4GL0zxDlFrzUyp6H0kUaYs8l5lk6c/1AseJSr9XGrCKy
kUrAvwkXYF3Ur4BsVK1Z89Kmg0x1xVrwvGfgNJGYQXlBKyjaT2HlYF+OIm61Szd/
5qYPqxoJZbjpiwOoFYwo8yX3tGqP7xcCOiW06yYiFIfbmCuD7CFy5EQqhVK4g7M3
75onninZlFxjmc+aIXqeqOJlmGvyfYPRoMH952KT++uHsCQ/J+M=
=hlmU
—–END PGP SIGNATURE—–
—