Your submission was sent successfully! Close

CVE-2018-15688

Published: 26 October 2018

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
network-manager
Launchpad, Ubuntu, Debian
bionic
Released (1.10.6-2ubuntu1.1)
cosmic
Released (1.12.4-1ubuntu1.1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Pending

xenial
Released (1.2.6-0ubuntu0.16.04.3)
Patches:
upstream: https://github.com/NetworkManager/NetworkManager/commit/01ca2053bbea09f35b958c8cc7631e15469acb79
upstream: https://github.com/NetworkManager/NetworkManager/commit/ef7312a3ae3527e68738b2a7325aaae969fc7355



systemd
Launchpad, Ubuntu, Debian
bionic
Released (237-3ubuntu10.4)
cosmic
Released (239-7ubuntu10.1)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Pending

xenial
Released (229-4ubuntu21.6)
Patches:


upstream: https://github.com/systemd/systemd/pull/10518
upstream: https://github.com/systemd/systemd/commit/4dac5eaba4e419b29c97da38a8b1f82336c2c892
upstream: https://github.com/systemd/systemd/commit/5ec1fca41e5c5f31c7f6bfb42b113f0fb7dc1a87