Opened 5 years ago

Closed 5 years ago

#11713 closed enhancement (fixed)

NetworkManager-1.14.6 (CVE-2018-15688)

Reported by: Douglas R. Reno
Owned by: Bruce Dubbs
Priority: high
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version

Fixes CVE-2018-15688, memory corruption in DHCPv6 client.

Overview of changes since NetworkManager-1.14.4
===============================================

This is a new stable release of NetworkManager.  Notable changes include:

* Fix memory corruption in internal DHCPv6 client (CVE-2018-15688).
* No longer limit number of search entries in resolv.conf to 6.
* Support restricting NetworkManager.conf device configuration based on used DHCP
  plugin.
* Add "${MAC}" specifier for connection.stable-id. This uses the current MAC
  address for seeding the stable generation of MAC address, DHCP client-id
  or IPv6 stable-privacy interface identifier.
* Support special value "duid" for "ipv4.dhcp-client-id". This generates an
  RFC4361-compliant client-id like the internal DHCP client used to do by default.
  Previously, there was no explicit name for such a client-id and it was not
  usable with dhclient DHCP plugin. This also generates the same client-id as
  systemd-networkd does by default.
* Support and use a new kind of secret-key in "/var/lib/NetworkManager/secret_key".
  The secret-key represents the identity of the machine that is used for various
  purposes like generating IPv6 stable privacy addresses. It is now combined
  with "/etc/machine-id" so that changing only the machine-id results in new identifiers.
  That matters for example when cloning a virtual machine. Previously, the user
  had to prune NetworkManager's secret-key to get a new identity, now regenerating
  machine-id suffices. Secret-keys generated by earlier versions of NetworkManager are
  not affected and keep their previous behavior.
* Fix the DHCP client-ids based on the MAC address of IPoIB/infiniband devices.
* Fix restoring IP configuration after interface went down.
* No longer let NetworkManager touch rp_filter setting. The rp_filter sysctl must now
  be set outside of NetworkManager according to the admin's preference. Note that a strict
  rp_filter may break valid use-cases and interacts badly with connectivity checking.
* Various bug fixes and improvements.

Change History (3)

comment:1 by Bruce Dubbs, 5 years ago

Milestone: 8.5 → 8.4

Promote to 8.4.

comment:2 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 21250.
