CVE-2018-15688

Published: 26 October 2018

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd versions up to and including 239.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package          Release                           Status
network-manager  Upstream                          Pending
                 Ubuntu 18.04 LTS (Bionic Beaver)  Released (1.10.6-2ubuntu1.1)
                 Ubuntu 16.04 LTS (Xenial Xerus)   Released (1.2.6-0ubuntu0.16.04.3)
                 Ubuntu 14.04 ESM (Trusty Tahr)    Does not exist (trusty was not-affected [code not present])

Patches (network-manager):
Upstream: https://github.com/NetworkManager/NetworkManager/commit/01ca2053bbea09f35b958c8cc7631e15469acb79
Upstream: https://github.com/NetworkManager/NetworkManager/commit/ef7312a3ae3527e68738b2a7325aaae969fc7355

Package          Release                           Status
systemd          Upstream                          Pending
                 Ubuntu 18.04 LTS (Bionic Beaver)  Released (237-3ubuntu10.4)
                 Ubuntu 16.04 LTS (Xenial Xerus)   Released (229-4ubuntu21.6)
                 Ubuntu 14.04 ESM (Trusty Tahr)    Not vulnerable (code not present)

Patches (systemd):
Upstream: https://github.com/systemd/systemd/pull/10518
Upstream: https://github.com/systemd/systemd/commit/4dac5eaba4e419b29c97da38a8b1f82336c2c892
Upstream: https://github.com/systemd/systemd/commit/5ec1fca41e5c5f31c7f6bfb42b113f0fb7dc1a87