dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root...

Critical: Red Hat Security Advisory: dhcp security update

An update for dhcp is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

PT-2018-1708 · Red Hat +1 · Fedora +3

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux versions 6 and 7 Fedora versions 28 and earlier Description: The issue is related to a command injection flaw in the NetworkManager integration script included in the DHCP client packages. This flaw can be exploited b...

GNOME NetworkManager DNS resolver information disclosure vulnerability

GNOME NetworkManager is a set of network management tools developed by The GNOME Project for Linux and other Unix-like operating systems to simplify network configuration.DNS resolver is one of the domain name resolution modules. An information disclosure vulnerability exists in DNS resolver in...

CVE-2018-1000135

An information exposure vulnerability has been found in NetworkManager when dnsmasq is used in DNS processing mode. An attacker in control of a DNS server could receive DNS queries even though a Virtual Private Network VPN was configured on the vulnerable machine. Mitigation We suggest to keep th...

CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

Information disclosure

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

DEBIAN-CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

CVE-2018-1000135

CVE-2018-1000135 affects GNOME NetworkManager 1.10.2 and earlier, with an information-exposure flaw in the DNS resolver that can leak private DNS queries to local network DNS servers, including over VPN. The initial report notes an upstream fix did not appear to be publicly available and that Ubu...

CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

CentOS 7 : NetworkManager / NetworkManager-libreswan / libnl3 / network-manager-applet (CESA-2017:2299)

An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

NetworkManager, libnl3, libnm, libnma, network, nm security update

CentOS Errata and Security Advisory CESA-2017:2299 An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

Scientific Linux Security Update : NetworkManager and libnl3 on SL7.x x86_64 (20170801)

The libnl3 packages contain a convenience library that simplifies using the Linux kernel's Netlink sockets interface for network manipulation. The following packages have been upgraded to a later upstream version: NetworkManager 1.8.0, network-manager-applet 1.8.0. Security Fixes in the libnl3...

Oracle Linux 7 : NetworkManager / and / libnl3 (ELSA-2017-2299)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2299 advisory. NetworkManager 1:1.8.0-9 - device: don't change MTU unless explicitly configured rh 1460760 - core: don't remove external IPv4 addresses rh 1459813 1:1.8.0-8 -...

NetworkManager and libnl3 security, bug fix and enhancement update

NetworkManager 1:1.8.0-9 - device: don't change MTU unless explicitly configured rh 1460760 - core: don't remove external IPv4 addresses rh 1459813 1:1.8.0-8 - cli: fix output of iface in overview output rh1460219 - ppp: unexport NMPPPManager instance on dispose rh1459579 - cli: remove spurious...

RedHat Update for NetworkManager and libnl3 RHSA-2017:2299-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : NetworkManager and libnl3 (RHSA-2017:2299)

An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...