#11713: NetworkManager-1.14.6 (CVE-2018-15688)
-------------------------+-----------------------
 Reporter:  renodr       |      Owner:  blfs-book
     Type:  enhancement  |     Status:  new
 Priority:  high         |  Milestone:  8.5
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-----------------------
New point version
Fixes CVE-2018-15688, memory corruption in DHCPv6 client.
{{{
Overview of changes since NetworkManager-1.14.4
===============================================
This is a new stable release of NetworkManager. Notable changes include:
* Fix memory corruption in internal DHCPv6 client (CVE-2018-15688).
* No longer limit number of search entries in resolv.conf to 6.
* Support restricting NetworkManager.conf device configuration based on
  used DHCP plugin.
* Add "${MAC}" specifier for connection.stable-id. This uses the current
  MAC address for seeding the stable generation of MAC address, DHCP
  client-id or IPv6 stable-privacy interface identifier.
* Support special value "duid" for "ipv4.dhcp-client-id". This generates
  an RFC4361-compliant client-id like the internal DHCP client used to do
  by default. Previously, there was no explicit name for such a client-id
  and it was not usable with dhclient DHCP plugin. This also generates the
  same client-id as systemd-networkd does by default.
* Support and use a new kind of secret-key in
  "/var/lib/NetworkManager/secret_key". The secret-key represents the
  identity of the machine that is used for various purposes like
  generating IPv6 stable privacy addresses. It is now combined with
  "/etc/machine-id" so that changing only the machine-id results in new
  identifiers. That matters for example when cloning a virtual machine.
  Previously, the user had to prune NetworkManager's secret-key to get a
  new identity, now regenerating machine-id suffices. Secret-keys
  generated by earlier versions of NetworkManager are not affected and
  keep their previous behavior.
* Fix the DHCP client-ids based on the MAC address of IPoIB/infiniband
  devices.
* Fix restoring IP configuration after interface went down.
* No longer let NetworkManager touch rp_filter setting. The rp_filter
  sysctl must now be set outside of NetworkManager according to the
  admin's preference. Note that a strict rp_filter may break valid
  use-cases and interacts badly with connectivity checking.
* Various bug fixes and improvements.
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11713>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch