[Pkg-utopia-maintainers] Bug#1076294: network-manager: CVE-2024-6501

Salvatore Bonaccorso carnil at debian.org
Sat Jul 13 20:26:52 BST 2024


Source: network-manager
Version: 1.48.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for network-manager.

CVE-2024-6501[0]:
| A flaw was found in NetworkManager. When a system running
| NetworkManager with DEBUG logs enabled and an interface eth1
| configured with LLDP enabled, a malicious user could inject a
| malformed LLDP packet. NetworkManager would crash, leading to a
| denial of service.

Not particularly high severity as only affecting NetworkManager under
DEBUG logs and with LLDP enabled. But apart from the Red Hat reference I
have not found if it was reported upstream, so you might double check
if that is known upstream (I guess so).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6501
    https://www.cve.org/CVERecord?id=CVE-2024-6501
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2295734

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore


