Bug 1181751 (CVE-2021-26675) - VUL-0: CVE-2021-26675, CVE-2021-26676: connman: mutliple issues in DNS handling
Summary: VUL-0: CVE-2021-26675, CVE-2021-26676: connman: mutliple issues in DNS handling
Status: RESOLVED FIXED
Alias: CVE-2021-26675
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.2
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: Leap 15.2
Assignee: Daniel Wagner
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-03 16:09 UTC by Marcus Meissner
Modified: 2021-03-20 17:16 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 5 Marcus Meissner 2021-02-03 16:25:30 UTC
So as far as I see the gdhcp bugs are exploited to retrieve the stack layout via infoleak and the buffer overflow is exploited in dnsproxy.


So I requested:


- 1 CVE for the info leak via gdhcp
- 1 CVE for the buffer overflow in dnsproxy

before 1.39
Comment 6 Marcus Meissner 2021-02-03 19:03:29 UTC
CVE-2021-26675 for the buffer overflow

CVE-2021-26676 for the info leak
Comment 7 Marcus Meissner 2021-02-05 12:49:09 UTC
CRD: 2021-02-08 9:00UTC
Comment 9 Marcus Meissner 2021-02-08 09:04:51 UTC
is public
Comment 11 Marcus Meissner 2021-03-03 07:17:09 UTC
submit for factory also received
Comment 12 OBSbugzilla Bot 2021-03-03 07:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181751) was mentioned in
https://build.opensuse.org/request/show/876388 Factory / connman
https://build.opensuse.org/request/show/876402 15.2 / connman
Comment 13 Swamp Workflow Management 2021-03-16 20:20:22 UTC
openSUSE-SU-2021:0416-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1181751
CVE References: CVE-2021-26675,CVE-2021-26676
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    connman-1.39-lp152.3.3.1
Comment 14 Swamp Workflow Management 2021-03-20 17:16:44 UTC
openSUSE-SU-2021:0452-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1181751
CVE References: CVE-2021-26675,CVE-2021-26676
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    connman-1.39-bp152.4.3.1