Debian Security Advisory
DLA-3397-1 connman -- LTS security update
- Date Reported:
- 21 Apr 2023
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2023-28488.
- More information:
It was discovered that there was a potential denial of service vulnerabilty in connman, a command-line network manager designed for use on embedded devices.
Network-adjacent attackers operating a crafted DHCP server could have caused a stack-based buffer overflow, resulting in a denial of service through terminating the connman process.
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.
For Debian 10
Buster, this problem has been fixed in version 1.36-2.1~deb10u4.
We recommend that you upgrade your connman packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS