ASA-202102-24 log original external raw

[ASA-202102-24] connman: multiple issues
Arch Linux Security Advisory ASA-202102-24 ========================================== Severity: Critical Date : 2021-02-12 CVE-ID : CVE-2021-26675 CVE-2021-26676 Package : connman Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1543 Summary ======= The package connman before version 1.39-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 1.39-1. # pacman -Syu "connman>=1.39-1" The problems have been fixed upstream in version 1.39. Workaround ========== None. Description =========== - CVE-2021-26675 (arbitrary code execution) A security issue was found in connman 1.38. A stack buffer overflow can be used to execute code by network adjacent attackers. - CVE-2021-26676 (information disclosure) A security issue was found in connman 1.38. A stack information leak from an uninitialised variable can lead to information disclosure to a remote attacker. This information can be used to help exploiting CVE-2021-26675 reliably. Impact ====== A network adjacent attacker can execute arbitrary code on the affected host. References ========== https://bugs.archlinux.org/task/69583 https://www.openwall.com/lists/oss-security/2021/02/08/2 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://security.archlinux.org/CVE-2021-26675 https://security.archlinux.org/CVE-2021-26676

[ASA-202102-24] connman: multiple issues

Arch Linux Security Advisory ASA-202102-24 ========================================== Severity: Critical Date : 2021-02-12 CVE-ID : CVE-2021-26675 CVE-2021-26676 Package : connman Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1543 Summary ======= The package connman before version 1.39-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 1.39-1. # pacman -Syu "connman>=1.39-1" The problems have been fixed upstream in version 1.39. Workaround ========== None. Description =========== - CVE-2021-26675 (arbitrary code execution) A security issue was found in connman 1.38. A stack buffer overflow can be used to execute code by network adjacent attackers. - CVE-2021-26676 (information disclosure) A security issue was found in connman 1.38. A stack information leak from an uninitialised variable can lead to information disclosure to a remote attacker. This information can be used to help exploiting CVE-2021-26675 reliably. Impact ====== A network adjacent attacker can execute arbitrary code on the affected host. References ========== https://bugs.archlinux.org/task/69583 https://www.openwall.com/lists/oss-security/2021/02/08/2 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://security.archlinux.org/CVE-2021-26675 https://security.archlinux.org/CVE-2021-26676