MGASA-2022-0319 - Updated connman packages fix security vulnerability Publication date: 07 Sep 2022 URL: https://advisories.mageia.org/MGASA-2022-0319.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-32292, CVE-2022-32293 In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. (CVE-2022-32292) In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. (CVE-2022-32293) References: - https://bugs.mageia.org/show_bug.cgi?id=30698 - https://lists.opensuse.org/archives/list/[email protected]/thread/UWUYL7FE7EBPBC7ZEMY2Q5OKW2V6KZ5F/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32292 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32293 SRPMS: - 8/core/connman-1.38-2.3.mga8