Bug 630028 (CVE-2017-5716) - <net-misc/connman-1.35-r1: denial of service and remote code execution via malformed DNS packets
Status: RESOLVED FIXED
Alias: CVE-2017-5716
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve]
Duplicates: 630036
Depends on: 640218 641228
Blocks: CVE-2017-12865
Reported: 2017-09-05 19:47 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-12-03 22:52 UTC
Package list:
=net-misc/connman-1.35-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Aleksandr Wagner (Kivak) 2017-09-05 19:47:12 UTC
CVE-2017-5716 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5716):

Buffer overflow in ConnMan Project connection manager daemon version 1.34 and earlier allows a remote attacker to conduct a denial of service and remote code execution via malformed DNS packets. 

References:

https://01.org/security/intel-oss-10001/intel-oss-10001
Comment 1 D'juan McDonald (domhnall) 2017-09-05 20:37:49 UTC
*** Bug 630036 has been marked as a duplicate of this bug. ***
Comment 2 Aleksandr Wagner (Kivak) 2017-09-24 14:17:48 UTC
Version 1.35 is now in the tree:

commit 6e6adfa40771badfb21c1ff3f71aaf464b754f34
Author: Yixun Lan <dlan@gentoo.org>
Date:   Tue Sep 5 10:36:29 2017 +0800

    net-misc/connman: version bump 1.35
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.3

@ Maintainer(s): Please state when this package is ready for stabilization, thanks.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-01-23 01:46:14 UTC
@arches, please stabilize.
Comment 4 Stabilization helper bot gentoo-dev 2018-01-23 02:01:57 UTC
An automated check of this bug failed - repoman reported dependency errors (47 lines truncated): 

> dependency.bad net-misc/connman/connman-1.35-r1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=net-libs/libnftnl-1.0.4:0=']
> dependency.bad net-misc/connman/connman-1.35-r1.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=net-libs/libnftnl-1.0.4:0=']
> dependency.bad net-misc/connman/connman-1.35-r1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0/desktop) ['>=net-libs/libnftnl-1.0.4:0=']
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-26 18:21:39 UTC
x86 stable
Comment 6 Stabilization helper bot gentoo-dev 2018-01-26 19:01:24 UTC
An automated check of this bug failed - repoman reported dependency errors (47 lines truncated): 

> dependency.bad net-misc/connman/connman-1.35-r1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=net-libs/libnftnl-1.0.4:0=']
> dependency.bad net-misc/connman/connman-1.35-r1.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=net-libs/libnftnl-1.0.4:0=']
> dependency.bad net-misc/connman/connman-1.35-r1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0/desktop) ['>=net-libs/libnftnl-1.0.4:0=']
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-01-27 23:42:19 UTC
amd64 stable
Comment 8 Markus Meier gentoo-dev 2018-02-05 21:19:33 UTC
arm stable
Comment 9 Matt Turner gentoo-dev 2018-09-17 23:10:36 UTC
ppc/ppc64 stable. all arches stable
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2018-12-02 15:47:25 UTC
This issue was resolved and addressed in
 GLSA 201812-02 at https://security.gentoo.org/glsa/201812-02
by GLSA coordinator Aaron Bauman (b-man).
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2018-12-02 15:47:57 UTC
re-opened for cleanup
Comment 12 Larry the Git Cow gentoo-dev 2018-12-03 22:29:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9aa569612a830d4a33815b47501f3d11b70cc701

commit 9aa569612a830d4a33815b47501f3d11b70cc701
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2018-12-03 22:29:14 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2018-12-03 22:29:33 +0000

    net-misc/connman: drop old
    
    Bug: https://bugs.gentoo.org/630028
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest               |  3 --
 net-misc/connman/connman-1.29.ebuild    | 70 -------------------------
 net-misc/connman/connman-1.33-r1.ebuild | 83 ------------------------------
 net-misc/connman/connman-1.34.ebuild    | 90 ---------------------------------
 4 files changed, 246 deletions(-)
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2018-12-03 22:52:19 UTC
(In reply to Larry the Git Cow from comment #12)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9aa569612a830d4a33815b47501f3d11b70cc701
> 
> commit 9aa569612a830d4a33815b47501f3d11b70cc701
> Author:     Ben Kohler <bkohler@gentoo.org>
> AuthorDate: 2018-12-03 22:29:14 +0000
> Commit:     Ben Kohler <bkohler@gentoo.org>
> CommitDate: 2018-12-03 22:29:33 +0000
> 
>     net-misc/connman: drop old
>     
>     Bug: https://bugs.gentoo.org/630028
>     Package-Manager: Portage-2.3.52, Repoman-2.3.12
>     Signed-off-by: Ben Kohler <bkohler@gentoo.org>
> 
>  net-misc/connman/Manifest               |  3 --
>  net-misc/connman/connman-1.29.ebuild    | 70 -------------------------
>  net-misc/connman/connman-1.33-r1.ebuild | 83 ------------------------------
>  net-misc/connman/connman-1.34.ebuild    | 90 ---------------------------------
>  4 files changed, 246 deletions(-)

Thanks, Ben!