Summary: | <net-misc/connman-1.40_p20220125: invalid memory read accesses | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bkohler |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://seclists.org/oss-sec/2022/q1/70 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 834545 | ||
Bug Blocks: |
Description
filip ambroz
2022-01-25 10:04:08 UTC
1) Possibly invalid memory reference in `strnlen()` call in `forward_dns_reply()` (CVE-2022-23097) 2) TCP Receive Path does not Check for Presence of Sufficient Header Data (CVE-2022-23096) 3) TCP Receive Path Triggers 100 % CPU loop if DNS server does not Send Back Data (CVE-2022-23098) 4) TCP DNS Operation is Broken due to Bad TCP Length Header The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb0947ef5f77d8cb7e3e6599f9f1d791f70fef6f commit cb0947ef5f77d8cb7e3e6599f9f1d791f70fef6f Author: Ben Kohler <bkohler@gentoo.org> AuthorDate: 2022-01-27 12:43:13 +0000 Commit: Ben Kohler <bkohler@gentoo.org> CommitDate: 2022-01-27 12:44:19 +0000 net-misc/connman: snapshot for security fixes Bug: https://bugs.gentoo.org/832028 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Ben Kohler <bkohler@gentoo.org> net-misc/connman/Manifest | 1 + net-misc/connman/connman-1.40_p20220125.ebuild | 105 +++++++++++++++++++++++++ 2 files changed, 106 insertions(+) Please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=31f2c2345585dd05f950ce51bc6b7227485938e0 commit 31f2c2345585dd05f950ce51bc6b7227485938e0 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-31 06:25:15 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-10-31 06:25:47 +0000 [ GLSA 202310-21 ] ConnMan: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/832028 Bug: https://bugs.gentoo.org/863425 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202310-21.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) |