Launchpad.net

CVE 2018-15688

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Related bugs and status

CVE-2018-15688 (Candidate) is related to these bugs:

Bug #942856: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication

Summary				In	Importance	Status
	942856	NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication		network-manager (Ubuntu)	Medium	Fix Released
	942856	NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication		NetworkManager	Wishlist	Expired

Bug #1795921: Out-of-Bounds write in systemd-networkd dhcpv6 option handling

Summary				In	Importance	Status
	1795921	Out-of-Bounds write in systemd-networkd dhcpv6 option handling		systemd (Ubuntu)	Medium	Fix Released

Bug #1809132: Updated bionic to the current 1.10 stable version

Summary				In	Importance	Status
	1809132	Updated bionic to the current 1.10 stable version		network-manager (Ubuntu)	Low	Fix Released
	1809132	Updated bionic to the current 1.10 stable version		network-manager (Ubuntu Bionic)	Low	Won't Fix

Bug #1820756: CVE-2018-15688: systemd-network does not correctly keep track of a buffer size

Summary				In	Importance	Status
	1820756	CVE-2018-15688: systemd-network does not correctly keep track of a buffer size		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-15688

Related bugs and status

Related bugs

References