[Pkg-utopia-maintainers] Bug#904255: network-manager-vpnc: CVE-2018-10900: privilege escalation
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 22 11:53:20 BST 2018
Source: network-manager-vpnc
Version: 1.2.4-1
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for network-manager-vpnc.
CVE-2018-10900[0]:
local privilege escalation
A user with enough privileges to create the vpnc connection entry
(group netdev for instance), can use the flaw in network-manager-vpnc
to escalate privileges.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10900
[1] https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
Update for stretch is already in preparation.
Regards,
Salvatore
More information about the Pkg-utopia-maintainers
mailing list