Advisories » MGASA-2018-0036

Updated connman packages fix security vulnerability

Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12865

Description

Security consultants in NRI Secure Technologies discovered a stack
overflow vulnerability in ConnMan. An attacker with control of the DNS
responses to the DNS proxy in ConnMan might crash the service and, in same
cases, remotely execute arbitrary commands in the host running the service
(CVE-2017-12865)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21629
• https://www.debian.org/security/2017/dsa-3956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12865

SRPMS

5/core

• connman-1.24-4.1.mga5

6/core

• connman-1.33-6.1.mga6