Hello dwmw2, or anyone else affected,

Accepted network-manager into bionic-proposed. The package will build
now and be available at https://launchpad.net/ubuntu/+source/network-
manager/1.10.14-0ubuntu1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: network-manager (Ubuntu Bionic)
       Status: Confirmed => Fix Committed

** Tags added: verification-needed verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1754671

Title:
  Full-tunnel VPN DNS leakage regression

Status in NetworkManager:
  Fix Released
Status in network-manager package in Ubuntu:
  Fix Released
Status in network-manager source package in Bionic:
  Fix Committed

Bug description:
  * Impact

  When using a VPN the DNS requests might still be sent to a DNS server
  outside the VPN when they should not

  * Test case

  Configure the system to send all the traffic to a VPN, do a name
  resolution, the request should not go to the public DNS server (to be
  checked by capturing the traffic by example with wireshark)

  
  * Regression potential

  The code change the handling of DNS servers when using a VPN, we
  should check that name resolution still work whne using a VPN in
  different configurations

  -----------------

  
  In 16.04 the NetworkManager package used to carry this patch:
  
http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch

  It fixed the DNS setup so that when I'm on the VPN, I am not sending
  unencrypted DNS queries to the (potentially hostile) local
  nameservers.

  This patch disappeared in an update. I think it was present in
  1.2.2-0ubuntu0.16.04.4 but was dropped some time later.

  This security bug exists upstream too: 
https://bugzilla.gnome.org/show_bug.cgi?id=746422
  It's not a *regression* there though, as they didn't fix it yet 
(unfortunately!)

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager/+bug/1754671/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to