Bug 1181751 - (CVE-2021-26675) VUL-0: CVE-2021-26675, CVE-2021-26676: connman: mutliple issues in DNS handling
(CVE-2021-26675)
VUL-0: CVE-2021-26675, CVE-2021-26676: connman: mutliple issues in DNS handling
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P3 - Medium : Normal (vote)
: Leap 15.2
Assigned To: Daniel Wagner
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-02-03 16:09 UTC by Marcus Meissner
Modified: 2021-03-20 17:16 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 5 Marcus Meissner 2021-02-03 16:25:30 UTC
So as far as I see the gdhcp bugs are exploited to retrieve the stack layout via infoleak and the buffer overflow is exploited in dnsproxy.


So I requested:


- 1 CVE for the info leak via gdhcp
- 1 CVE for the buffer overflow in dnsproxy

before 1.39
Comment 6 Marcus Meissner 2021-02-03 19:03:29 UTC
CVE-2021-26675 for the buffer overflow

CVE-2021-26676 for the info leak
Comment 7 Marcus Meissner 2021-02-05 12:49:09 UTC
CRD: 2021-02-08 9:00UTC
Comment 9 Marcus Meissner 2021-02-08 09:04:51 UTC
is public
Comment 11 Marcus Meissner 2021-03-03 07:17:09 UTC
submit for factory also received
Comment 12 OBSbugzilla Bot 2021-03-03 07:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1181751) was mentioned in
https://build.opensuse.org/request/show/876388 Factory / connman
https://build.opensuse.org/request/show/876402 15.2 / connman
Comment 13 Swamp Workflow Management 2021-03-16 20:20:22 UTC
openSUSE-SU-2021:0416-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1181751
CVE References: CVE-2021-26675,CVE-2021-26676
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    connman-1.39-lp152.3.3.1
Comment 14 Swamp Workflow Management 2021-03-20 17:16:44 UTC
openSUSE-SU-2021:0452-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1181751
CVE References: CVE-2021-26675,CVE-2021-26676
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    connman-1.39-bp152.4.3.1