*** This bug is a security vulnerability ***

Public security bug reported:

In 16.04 the NetworkManager package used to carry this patch:
http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch

It fixed the DNS setup so that when I'm on the VPN, I am not sending
unencrypted DNS queries to the (potentially hostile) local nameservers.

This patch disappeared in an update. I think it was present in
1.2.2-0ubuntu0.16.04.4 but was dropped some time later.

This security bug exists upstream too: 
https://bugzilla.gnome.org/show_bug.cgi?id=746422
It's not a *regression* there though, as they didn't fix it yet (unfortunately!)

** Affects: network-manager (Ubuntu)
     Importance: High
         Status: Confirmed


** Tags: regression-update xenial

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1754671

Title:
  Full-tunnel VPN DNS leakage regression

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to