Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Ubuntu 23.04 LTS: USN-6236-1 Critical ConnMan Denial of Service

ubuntu
Calendar Grey July 19, 2023
Dist Ubuntu Esm H88
Ubuntu's ConnMan has resolved multiple vulnerabilities affecting numerous LTS releases. It's recommended to perform updates to ensure system security.
Several security issues were fixed in ConnMan.

Summary

Several security issues were fixed in ConnMan.

Software Description:

- connman: Intel Connection Manager daemon

Details:

It was discovered that ConnMan could be made to write out of bounds. A

remote attacker could possibly use this issue to cause ConnMan to crash,

resulting in a denial of service, or possibly execute arbitrary code. This

issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

(CVE-2021-26675, CVE-2021-33833)

It was discovered that ConnMan could be made to leak sensitive information

via the gdhcp component. A remote attacker could possibly use this issue

to obtain information for further exploitation. This issue only affected

Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676)

It was discovered that ConnMan could be made to read out of bounds. A

remote attacker could possibly use this issue to case ConnMan to crash,

resulting in a denial of service. This issue only affected Ubuntu 16.04

LTS, Ubuntu 18.04 LTS, Ubun...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   connman                         1.41-2ubuntu0.23.04.1

Ubuntu 22.04 LTS:
   connman                         1.36-2.3ubuntu0.1

Ubuntu 20.04 LTS:
   connman                         1.36-2ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   connman                         1.35-6ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   connman                         1.21-1.2+deb8u1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6236-1

  CVE-2021-26675, CVE-2021-26676, CVE-2021-33833, CVE-2022-23096,

  CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293,

  CVE-2023-28488

Severity
critical
Lowest
Low
Medium
High
Critical

July 19, 2023

Package Information

  https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1
  https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.