Debian Security Advisory

DLA-3397-1 connman -- LTS security update

Date Reported:
21 Apr 2023
Affected Packages:
connman
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2023-28488.
More information:

It was discovered that there was a potential denial of service vulnerability in connman, a command-line network manager designed for use on embedded devices.

Network-adjacent attackers operating a crafted DHCP server could have caused a stack-based buffer overflow, resulting in a denial of service by terminating the connman process.

  • CVE-2023-28488

    client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.

For Debian 10 Buster, this problem has been fixed in version 1.36-2.1~deb10u4.

We recommend that you upgrade your connman packages.
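A check for whether an installed connman already carries the buster fix, added here as an example and not part of the advisory or of Debian's tooling. It reimplements the dpkg version ordering from deb-version(5), where `~` sorts before everything including end-of-string (so 1.36-2.1~deb10u4 is newer than 1.36-2.1~deb10u3 but older than 1.36-2.1); the function names are mine, and the final block assumes a Debian host with dpkg-query available.

```python
import re
import subprocess

# Fixed version for Debian 10 buster, taken from the advisory text.
FIXED_VERSION = "1.36-2.1~deb10u4"

def _char_order(c):
    # Within a non-digit run '~' sorts before everything, even end-of-string (0),
    # and letters sort before non-letters (deb-version(5) ordering).
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_part(a, b):
    # Alternate between non-digit runs (modified lexical) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ca = _char_order(na[i]) if i < len(na) else 0
            cb = _char_order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return (ca > cb) - (ca < cb)
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return (int(da or 0) > int(db or 0)) - (int(da or 0) < int(db or 0))
    return 0

def _split(version):
    # '[epoch:]upstream[-revision]' -> (epoch, upstream, revision)
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare_versions(a, b):
    # Returns -1, 0 or 1, matching dpkg --compare-versions lt/eq/gt.
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_fixed(installed, fixed=FIXED_VERSION):
    return compare_versions(installed, fixed) >= 0

if __name__ == "__main__":
    # Assumes a Debian host: ask dpkg for the installed connman version.
    out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "connman"],
                         capture_output=True, text=True)
    v = out.stdout.strip()
    print("not installed" if out.returncode else "fixed" if is_fixed(v) else "vulnerable")
```

On a real host, `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' connman)" ge 1.36-2.1~deb10u4` gives the same answer; the Python version is for tooling that cannot shell out to dpkg.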

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS