There's active work going on upstream (see and
/dns-bgo746422) to fix the issue. explains how.

Once in master, it would probably be doable to backport those changes
to the 1.10 branch, which is what's in bionic (1.10.6-2ubuntu1).
Backporting to xenial (currently 1.2.6-0ubuntu0.16.04.2) would likely be
an entirely different story.

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.

  Full-tunnel VPN DNS leakage regression

Status in NetworkManager:
Status in network-manager package in Ubuntu:
Status in network-manager source package in Bionic:

Bug description:
  In 16.04 the NetworkManager package used to carry this patch:

  It fixed the DNS setup so that when I'm on the VPN, I am not sending
  unencrypted DNS queries to the (potentially hostile) local

  This patch disappeared in an update. I think it was present in
  1.2.2-0ubuntu0.16.04.4 but was dropped some time later.

  This security bug exists upstream too:
  It's not a *regression* there though, as they didn't fix it yet 

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to