[SECURITY] [DLA 3397-1] connman security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3397-1] connman security update
From: "Chris Lamb" <lamby@debian.org>
Date: Fri, 21 Apr 2023 18:00:32 +0100
Message-id: <[🔎] 168207877361.642816.6297539284791562323@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3397-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 21, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : connman
Version        : 1.36-2.1~deb10u4
CVE ID         : CVE-2023-28488
Debian Bug     : 1034393

It was discovered that there was a potential denial of service
vulnerabilty in connman, a command-line network manager designed for
use on embedded devices.

Network-adjacent attackers operating a crafted DHCP server could have
caused a stack-based buffer overflow, resulting in a denial of
service through terminating the connman process.

For Debian 10 buster, this problem has been fixed in version
1.36-2.1~deb10u4.

We recommend that you upgrade your connman packages.

For the detailed security status of connman please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/connman

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmRCfDMACgkQHpU+J9Qx
HlibNBAAwZ1xeV0kYFXqE7H+yig1LveCS/Kh6/OcmCG/7Gxa8+1HPF98PCmjfxwr
pH0xndy/Xb+zFQVXxBzn91mJBU8cxMIhqicQdYpj6o1lryfsLLYYVVSKXt31bnQb
DI2Y+5IWC7cHSLA1XHZMC4lW3ZksLttS5Tlj2nCl/ENf7K00CaIBnlF0jnLomGXQ
I1HisTb6Qq4E5F4pRKmO+HXE+o+OuY0SljwFl3WkUowo8gcp4RL5k9xzPah97X1k
G4NZ+VFcSiXzEzQ8nLeQFPjWlIYNNTZzN+98R6RXssdqZPFj8cdY2FXkZRgQOccJ
W84EbPEnl+x9VPc2Ea9lQDDeMLB+0XHThx4P7/wZPrX5AqZzIGZAo0V+xm0zvfcJ
9m1nbUo16NDASzd+yhRPGyEbfugMZWKTE4ulDMMuWXboIsQHwWh+x4LX3KqMZgBD
8EqpURjeZkZNp5aoXwhDohyYJLjfiRGS3R4UqJxpbvXfdjTDdHD3ProTJiUE0c9y
SHSjMYvONNpnQngq7vsELi+TPzvyKFgcaQoSLH+W0ztAEGB0cPvG0tF1AM+WyFP8
E4L/jZNiS+QxA+ijGXwJwvnMjzvu/TO6Ii6q8QcwHheTr3QatkEpC0fW8Y5BTj9d
O+VqL+lLLLK+jlHE5FQy8gbkh3QTutkiPehxYiUTKfa6H8UdUUk=
=M/bg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3396-1] redis security update
Next by Date: [SECURITY] [DLA 3398-1] curl security update
Previous by thread: [SECURITY] [DLA 3396-1] redis security update
Next by thread: [SECURITY] [DLA 3398-1] curl security update
Index(es):
- Date
- Thread