USN-3807-1: NetworkManager vulnerability

05 November 2018

NetworkManager could be made to crash or run programs if it received specially crafted network traffic.

Releases

Packages

Details

Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client
incorrectly handled certain DHCPv6 messages. In non-default configurations
where the internal DHCP client is enabled, an attacker on the same network
could use this issue to cause NetworkManager to crash, resulting in a
denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
Ubuntu 18.04
Ubuntu 16.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

Related notices

  • USN-3806-1: systemd-journal-remote, udev, libsystemd-dev, libpam-systemd, libudev1-udeb, libnss-resolve, systemd-coredump, systemd-sysv, libnss-mymachines, udev-udeb, libudev1, systemd-container, libudev-dev, systemd, libnss-myhostname, libsystemd0, libnss-systemd, systemd-tests