Your message dated Thu, 27 Mar 2025 21:47:08 +0000
with message-id <[email protected]>
and subject line Bug#1076294: fixed in network-manager 1.42.4-1+deb12u1
has caused the Debian Bug report #1076294,
regarding network-manager: CVE-2024-6501: NM segfaults on receiving LLDPDUs with malformed TLVs (when log level is DEBUG)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1076294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076294
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: network-manager
Version: 1.48.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for network-manager.

CVE-2024-6501[0]:
| A flaw was found in NetworkManager. When a system running
| NetworkManager with DEBUG logs enabled and an interface eth1
| configured with LLDP enabled, a malicious user could inject a
| malformed LLDP packet. NetworkManager would crash, leading to a
| denial of service.

Not particularly high severity as only affecting NetworkManager under
DEBUG logs and with LLDP enabled. But apart from the Red Hat reference I
have not found if it was reported upstream, so you might double check
if that is known upstream (I guess so).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6501
    https://www.cve.org/CVERecord?id=CVE-2024-6501
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2295734

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: network-manager
Source-Version: 1.42.4-1+deb12u1
Done: Michael Biebl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated network-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Mar 2025 21:04:25 +0100
Source: network-manager
Architecture: source
Version: 1.42.4-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 1076294
Changes:
 network-manager (1.42.4-1+deb12u1) bookworm; urgency=medium
 .
   * lldp: fix crash dereferencing NULL pointer during debug logging.
     Patch cherry-picked from upstream nm-1-42 branch.
     (CVE-2024-6501, Closes: #1076294)
   * Set debian-branch to debian/bookworm

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---