Debian LTS: DLA-3105-1: connman security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3105-1                [email protected]
https://www.debian.org/lts/security/                           Chris Lamb
September 13, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : connman
Version        : 1.36-2.1~deb10u3
CVE IDs        : CVE-2022-32292 CVE-2022-32293
Debian Bug     : #1016976

It was discovered that there were two issues in connman, a daemon for
managing internet connections within embedded devices:

* CVE-2022-32292: Prevent an issue where remote attackers able to
  send HTTP requests to the gweb component were able to exploit a
  heap-based buffer overflow in the received_data function to execute
  code.

* CVE-2022-32293: Prevent a man-in-the-middle attack against a WISPR
  HTTP query which could be used to trigger a use-after-free in WISPR
  handling, leading to crashes or even code execution.

For Debian 10 buster, these problems have been fixed in version
1.36-2.1~deb10u3.

We recommend that you upgrade your connman packages.

For the detailed security status of connman please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/connman

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3105-1: connman security update

September 13, 2022
It was discovered that there were two issues in connman, a daemon for managing internet connections within embedded devices: * CVE-2022-32292: Prevent an issue where remote attacke...

Summary

* CVE-2022-32292: Prevent an issue where remote attackers able to
send HTTP requests to the gweb component were able to exploit a
heap-based buffer overflow in the received_data function to execute
code.

* CVE-2022-32293: Prevent a man-in-the-middle attack against a WISPR
HTTP query which could be used to trigger a use-after-free in WISPR
handling, leading to crashes or even code execution.

For Debian 10 buster, these problems have been fixed in version
1.36-2.1~deb10u3.

We recommend that you upgrade your connman packages.

For the detailed security status of connman please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/connman

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
Package : connman
Version : 1.36-2.1~deb10u3
Debian Bug : #1016976

News

Advisories

HOWTOs

Features

History of Malware on Linux and What's Being Done to Stop It
A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy