This bug was fixed in the package netplan.io - 0.107-5ubuntu0.3
---------------
netplan.io (0.107-5ubuntu0.3) mantic-security; urgency=medium
* SECURITY UPDATE: weak permissions on secret files, command injection
- d/p/lp2065738/0012-libnetplan-use-more-restrictive-file-permissions.patch:
Use more restrictive file permissions to prevent unprivileged users to
read sensitive data from back end files (LP: #2065738, #1987842)
- CVE-2022-4968
- d/p/lp2065738/0013-cli-generate-call-daemon-reload-after-generate.patch:
Call systemd daemon-reload as part of the netplan generate cli command
- d/p/lp2066258/0014-libnetplan-escape-control-characters.patch:
Escape control characters in the parser and double quotes in backend
files.
- d/p/lp2066258/0015-backends-escape-file-paths.patch:
Escape special characters in file paths.
- d/p/lp2066258/0016-backends-escape-semicolons-in-service-units.patch:
Escape isolated semicolons in systemd service units. (LP: #2066258)
* debian/netplan-generator.postinst: Add a postinst maintainer script to call
the generator. It's needed so the file permissions fixes will be applied
automatically, thanks to danilogondolfo
-- Sudhakar Verma <[email protected]> Mon, 24 Jun 2024
23:58:40 +0530
** Changed in: netplan.io (Ubuntu Mantic)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1987842
Title:
wireguard: netdev file can leak private key
To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/1987842/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
