CVE-2018-15688

Priority
Description
A buffer overflow vulnerability in the dhcp6 client of systemd allows a
malicious dhcp6 server to overwrite heap memory in systemd-networkd.
Affected releases are systemd: versions up to and including 239.
Assigned-to
mdeslaur
Package
Upstream:pending
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.6-0ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.10.6-2ubuntu1.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.12.4-1ubuntu1.1)
Ubuntu 19.04 (Disco Dingo):released (1.12.4-1ubuntu1.1)
Patches:
Upstream:https://github.com/NetworkManager/NetworkManager/commit/01ca2053bbea09f35b958c8cc7631e15469acb79
Upstream:https://github.com/NetworkManager/NetworkManager/commit/ef7312a3ae3527e68738b2a7325aaae969fc7355
Package
Upstream:pending
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (229-4ubuntu21.6)
Ubuntu 18.04 LTS (Bionic Beaver):released (237-3ubuntu10.4)
Ubuntu 18.10 (Cosmic Cuttlefish):released (239-7ubuntu10.1)
Ubuntu 19.04 (Disco Dingo):released (239-7ubuntu10.1)
Patches:
Upstream:https://github.com/systemd/systemd/pull/10518
Upstream:https://github.com/systemd/systemd/commit/4dac5eaba4e419b29c97da38a8b1f82336c2c892
Upstream:https://github.com/systemd/systemd/commit/5ec1fca41e5c5f31c7f6bfb42b113f0fb7dc1a87
More Information

Updated: 2018-12-03 13:14:47 UTC (commit 01addd2d8d1f962e775fbfaaf3bdf7f6936c7e62)