[security - medium] NetworkManager security, bug fix, and enhancement update
エラータID: AXSA:2015-694:01
リリース日:
2015/11/23 Monday - 19:43
題名:
[security - medium] NetworkManager security, bug fix, and enhancement update
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Bug Fix]
- GNOME NetworkManager には,IPv6 のルータ広告 (RA) メッセージの巧妙に細
工された MTU 値によって,リモートの攻撃者がサービス拒否 (IPv6 トラフィッ
ク妨害) を引き起こす脆弱性があります。
この脆弱性は CVE-2015-8215 とは異なる脆弱性です。(CVE-2015-0272)
- NetworkManager の IPv6 スタックの近隣探索 (ND) プロトコル実装の
rdisc/nm-lndp-rdisc.c の receive_ra 関数には,ルータ広告 (RA) メッセー
ジの小さい hop_limit 値によって,リモートの攻撃者がホップ
制限の設定を再設定する脆弱性があります。
この脆弱性は CVE-2015-2922 とは異なる脆弱性です。(CVE-2015-2924)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2015-2924
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
CVE-2015-8215
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.
追加情報:
N/A
ダウンロード:
SRPMS
- ModemManager-1.1.0-8.git20130913.el7.src.rpm
MD5: b4d14bb4ccc77f980eafbbd20df60834
SHA-256: 4d88c3c69fb4d37abdadefe8452a6f7befa4403ef7e68224dcfabe0cd093089f
Size: 1.11 MB - NetworkManager-libreswan-1.0.6-3.el7.src.rpm
MD5: f242824df1592d8f88da25e0fb175994
SHA-256: f80ce3d873d242bee9cf9536d3386721c477ca282458dac97ebcf8503df151ce
Size: 321.20 kB - NetworkManager-1.0.6-27.el7.src.rpm
MD5: a368f1bbbe40ada0fc5fc53d811ae941
SHA-256: 5f6f8c42de37b1e51b7178a70fb5c12583e1ba5d2db91b2684d2c9c5168aa976
Size: 3.44 MB - network-manager-applet-1.0.6-2.el7.src.rpm
MD5: 759544b5036224e5312a8a385f801b07
SHA-256: 27b227f246e49d5c1bcf6d4f5b30b18b90a9209219d0411cb6daf93c82f3719a
Size: 1.30 MB
Asianux Server 7 for x86_64
- ModemManager-1.1.0-8.git20130913.el7.x86_64.rpm
MD5: 28ffabe477a20d487be81368b296e23a
SHA-256: a77874f01640f6bc5df93ecc099df4f2093be5590c8e8f7f898773d8e89ad650
Size: 615.46 kB - ModemManager-glib-1.1.0-8.git20130913.el7.x86_64.rpm
MD5: 4c2142eee5b81950f1491eb40f340ca8
SHA-256: b1293c1a8a9e4ea41c16389a4d9fd608e47420d7ec2ff93562cbd2e3bce1c23b
Size: 204.43 kB - ModemManager-glib-1.1.0-8.git20130913.el7.i686.rpm
MD5: 6b92f24326916fee6344fce8a74db9fe
SHA-256: 7e8a8d142f494c7a3c1bb30083ea2fd79eb456f548c40bc465dfbef4feec600c
Size: 203.54 kB - NetworkManager-libreswan-1.0.6-3.el7.x86_64.rpm
MD5: 662be13e627cde0e621008bb61502da6
SHA-256: 3539a3434f4b97756431baa5ed0ee19ba851f02f2090baa966bd30907c3f3b46
Size: 89.77 kB - NetworkManager-libreswan-gnome-1.0.6-3.el7.x86_64.rpm
MD5: 328ff6317ecb6bd45644a1cb77e5512b
SHA-256: 38ec356ff7bbf112dd9c456fca0836c9590a6f6b7f4b5d0e41512ee63ca77f7a
Size: 26.91 kB - NetworkManager-1.0.6-27.el7.x86_64.rpm
MD5: 98e8223d9c1314d5e57a04cf8b934221
SHA-256: c575f1168990049d88477aee7d70ecab359078170fb6a38e36d4db313e70cae7
Size: 2.03 MB - NetworkManager-adsl-1.0.6-27.el7.x86_64.rpm
MD5: f3af9e1c65f07359cf98ecfd6f04e8f3
SHA-256: 8cf275371c96572aa8ae93810a9cd59462d46711789c2cc90f7c695ae4ffbc1c
Size: 129.14 kB - NetworkManager-bluetooth-1.0.6-27.el7.x86_64.rpm
MD5: b413b43e96626fdbafa557e94b10f5ac
SHA-256: b191c8cb06658afea4ab1a93ee36ec28eb65ac8571601006aff9281d96fb7302
Size: 148.64 kB - NetworkManager-config-server-1.0.6-27.el7.x86_64.rpm
MD5: c23589829b2fe3c5b6ee237fba790633
SHA-256: 72094c5ffea46ae9a2d32ced11e74e06ade6a757cb4695316c0041e2abbadf1a
Size: 120.34 kB - NetworkManager-glib-1.0.6-27.el7.x86_64.rpm
MD5: 65698080861d977016a76344d18d256a
SHA-256: ff2a82d4d462e41090c69aa7ee502729a2cdd73919abb6059276b50fff969f0a
Size: 384.09 kB - NetworkManager-libnm-1.0.6-27.el7.x86_64.rpm
MD5: 3791b63aa58fc4a5115d3f6206404bf8
SHA-256: 6f6b109683a7e2a5b39e6cb61c4b41d4e0197d3aebbc5d75c340a1c5a3aa591f
Size: 496.73 kB - NetworkManager-team-1.0.6-27.el7.x86_64.rpm
MD5: b56f2aa81ae94d7f0f53e01237406bc8
SHA-256: f828a5496d25b4932eb03e00a395e1fcc5b0b5a2dcd2b8438c162ba4c50b40c3
Size: 131.14 kB - NetworkManager-tui-1.0.6-27.el7.x86_64.rpm
MD5: 68ad1be1692160dbbbd1510fb993f7c6
SHA-256: 0ce3094b25c1e89a7376ea7c17918b128f28bbba6667c8912a974be59819dd06
Size: 210.85 kB - NetworkManager-wifi-1.0.6-27.el7.x86_64.rpm
MD5: dab0323fe87f4cb62e8d1bdfae81543c
SHA-256: f06a5ac274cf9a9d32475e41884fd359ed49b0339ea5cada3eabdf7a74fa4e42
Size: 158.92 kB - NetworkManager-wwan-1.0.6-27.el7.x86_64.rpm
MD5: 91f38669efcb04af4582e32bd7c24668
SHA-256: a8d8ead61af566b3798e10be3cf244ef084c0e7d8bc4adac44b5dfb3de7e30fe
Size: 151.43 kB - NetworkManager-glib-1.0.6-27.el7.i686.rpm
MD5: ed0c79a4191aaafa52ee71c5443a70eb
SHA-256: 628d0fe87a16edbac929d5191e622931e7116f2693df2b4cbe064f9ac903fe18
Size: 376.75 kB - NetworkManager-libnm-1.0.6-27.el7.i686.rpm
MD5: c08a4c4701e9c21d609336fa5ff09c2e
SHA-256: 83701c0999f7f612e5cf88e93f8de0817b2a1cbc542cd355c2e80db5b671754e
Size: 489.96 kB - libnm-gtk-1.0.6-2.el7.x86_64.rpm
MD5: 72ef056d54b75429a30ba5681dd2c87d
SHA-256: 38a15d11ea122fad51969318f95c3942b1f7147ec039b628d67ffb32f792c3c5
Size: 82.96 kB - nm-connection-editor-1.0.6-2.el7.x86_64.rpm
MD5: 511168a2bc8121c74080512529bbe1c9
SHA-256: eb807501304692ba79c94334faaabe57c018f68f7a066121d69e98c409802a4d
Size: 925.99 kB - libnm-gtk-1.0.6-2.el7.i686.rpm
MD5: 321a30c9cbf7ae0a74348e522b5bc52c
SHA-256: 5294b486c758934292d9d42ac5ef2a986f9211e98591cae6e7ff606330a4405c
Size: 83.08 kB
English