ALT-PU-2021-4641-1
Package connman updated to version 1.40-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2021-06-09
BDU:2021-06407
Уязвимость пакета dnsproxy диспетчера соединений Connman, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-06-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-33833
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20210609 connman stack buffer overflow in dnsproxy CVE-2021-33833
- [oss-security] 20210609 connman stack buffer overflow in dnsproxy CVE-2021-33833
- [oss-security] 20220125 Multiple vulnerabilities in connman's dnsproxy component
- [oss-security] 20220125 Multiple vulnerabilities in connman's dnsproxy component
- [debian-lts-announce] 20220209 [SECURITY] [DLA 2915-1] connman security update
- [debian-lts-announce] 20220209 [SECURITY] [DLA 2915-1] connman security update
- https://lore.kernel.org/connman/
- https://lore.kernel.org/connman/
- GLSA-202107-29
- GLSA-202107-29