Red Hat Local Security Checks : RedHat Update for NetworkManager RHSA-2015:2315-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871481

Categoría: Red Hat Local Security Checks

Título: RedHat Update for NetworkManager RHSA-2015:2315-01

Resumen: The remote host is missing an update for the 'NetworkManager'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'NetworkManager'
package(s) announced via the referenced advisory.

Vulnerability Insight:
NetworkManager is a system network service
that manages network devices and connections.

It was discovered that NetworkManager would set device MTUs based on MTU
values received in IPv6 RAs (Router Advertisements), without sanity
checking the MTU value first. A remote attacker could exploit this flaw to
create a denial of service attack, by sending a specially crafted IPv6 RA
packet to disturb IPv6 communication. (CVE-2015-0272)

A flaw was found in the way NetworkManager handled router advertisements.
An unprivileged user on a local network could use IPv6 Neighbor Discovery
ICMP to broadcast a non-route with a low hop limit, causing machines to
lower the hop limit on existing IPv6 routes. If this limit is small enough,
IPv6 packets would be dropped before reaching the final destination.
(CVE-2015-2924)

The network-manager-applet and NetworkManager-libreswan packages have been
upgraded to upstream versions 1.0.6, and provide a number of bug fixes and
enhancements over the previous versions. (BZ#1177582, BZ#1243057)

Bugs:

* It was not previously possible to set the Wi-Fi band to the 'a' or 'bg'
values to lock to a specific frequency band. NetworkManager has been fixed,
and it now sets the wpa_supplicant's 'freq_list' option correctly, which
enables proper Wi-Fi band locking. (BZ#1254461)

* NetworkManager immediately failed activation of devices that did not have
a carrier early in the boot process. The legacy network.service then
reported activation failure. Now, NetworkManager has a grace period during
which it waits for the carrier to appear. Devices that have a carrier down
for a short time on system startup no longer cause the legacy
network.service to fail. (BZ#1079353)

* NetworkManager brought down a team device if the teamd service managing
it exited unexpectedly, and the team device was deactivated. Now,
NetworkManager respawns the teamd instances that disappear and is able to
recover from a teamd failure avoiding disruption of the team device
operation. (BZ#1145988)

* NetworkManager did not send the FQDN DHCP option even if host name was
set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the
DNS records for clients running NetworkManager. Now, NetworkManager sends
the FQDN option with DHCP requests, and the DHCP server is able to create
DNS records for such clients. (BZ#1212597)

* The command-line client was not validating the vlan.flags property
correctly, and a spurious warning message was displayed when the nmcli tool
worked with VLAN connections. The validation routine has been fixed, and
the warning message no longer app ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
NetworkManager on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0272
76814
http://www.securityfocus.com/bid/76814
SUSE-SU-2015:2108
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
SUSE-SU-2015:2194
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
SUSE-SU-2015:2292
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
SUSE-SU-2015:2339
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
SUSE-SU-2015:2350
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
SUSE-SU-2016:0354
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
SUSE-SU-2016:2074
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
USN-2792-1
http://www.ubuntu.com/usn/USN-2792-1
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1192132
Common Vulnerability Exposure (CVE) ID: CVE-2015-2924
BugTraq ID: 76879
http://www.securityfocus.com/bid/76879
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158103.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html
https://security.gentoo.org/glsa/201509-05
http://openwall.com/lists/oss-security/2015/04/04/2

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871481
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for NetworkManager RHSA-2015:2315-01
Resumen:	The remote host is missing an update for the 'NetworkManager'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'NetworkManager' package(s) announced via the referenced advisory. Vulnerability Insight: NetworkManager is a system network service that manages network devices and connections. It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. (CVE-2015-0272) A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. (CVE-2015-2924) The network-manager-applet and NetworkManager-libreswan packages have been upgraded to upstream versions 1.0.6, and provide a number of bug fixes and enhancements over the previous versions. (BZ#1177582, BZ#1243057) Bugs: * It was not previously possible to set the Wi-Fi band to the 'a' or 'bg' values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's 'freq_list' option correctly, which enables proper Wi-Fi band locking. (BZ#1254461) * NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process. The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail. (BZ#1079353) * NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated. Now, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation. (BZ#1145988) * NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients. (BZ#1212597) * The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer app ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: NetworkManager on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0272 76814 http://www.securityfocus.com/bid/76814 SUSE-SU-2015:2108 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html SUSE-SU-2015:2194 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html SUSE-SU-2015:2292 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html SUSE-SU-2015:2339 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html SUSE-SU-2015:2350 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html SUSE-SU-2016:0354 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html SUSE-SU-2016:2074 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html USN-2792-1 http://www.ubuntu.com/usn/USN-2792-1 http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1192132 Common Vulnerability Exposure (CVE) ID: CVE-2015-2924 BugTraq ID: 76879 http://www.securityfocus.com/bid/76879 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158103.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html https://security.gentoo.org/glsa/201509-05 http://openwall.com/lists/oss-security/2015/04/04/2
Copyright	Copyright (C) 2015 Greenbone AG