USN-3807-1: NetworkManager vulnerability
5 November 2018
NetworkManager could be made to crash or run programs if it received specially crafted network traffic.
Releases
Packages
- network-manager - Network connection manager
Details
Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client
incorrectly handled certain DHCPv6 messages. In non-default configurations
where the internal DHCP client is enabled, an attacker on the same network
could use this issue to cause NetworkManager to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
Ubuntu 18.04
Ubuntu 16.04
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Related notices
- USN-3806-1: libudev-dev, systemd-coredump, libsystemd-dev, systemd, libnss-mymachines, libnss-resolve, libpam-systemd, systemd-container, systemd-journal-remote, systemd-sysv, systemd-tests, udev-udeb, udev, libnss-systemd, libudev1, libudev1-udeb, libnss-myhostname, libsystemd0