Moderate: NetworkManager and libnl3 security, bug fix and enhancement update

Related Vulnerabilities: CVE-2017-0553

Synopsis

Moderate: NetworkManager and libnl3 security, bug fix and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

The libnl3 packages contain a convenience library that simplifies using the Linux kernel's Netlink sockets interface for network manipulation.

The following packages have been upgraded to a later upstream version: NetworkManager (1.8.0), network-manager-applet (1.8.0). (BZ#1413312, BZ#1414103, BZ#1441621)

Security Fix(es) in the libnl3 component:

  • An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553)
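The class of flaw named above, a length computation that wraps around and so passes the bounds check in front of a heap write, shown beside a hardened check. This is an added example, not libnl's code and not part of the advisory; `struct msgbuf`, `pad_len`, `reserve_ok_unchecked`, `reserve_ok_checked` and `msg_reserve` are hypothetical names, and the padding step is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical message buffer (not libnl's type): `used` of `size` bytes filled. */
struct msgbuf { unsigned char *data; size_t size; size_t used; };

/* Round len up to a multiple of pad (0 or a power of two); the add can wrap. */
static size_t pad_len(size_t len, size_t pad)
{
    return pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
}

/* Flawed check: the padding add and `tlen + used` are both unsigned sums that
 * wrap past SIZE_MAX, so a huge len yields a small total. Returns 1 = accepted. */
int reserve_ok_unchecked(const struct msgbuf *m, size_t len, size_t pad)
{
    size_t tlen = pad_len(len, pad);
    return tlen + m->used <= m->size;
}

/* Hardened check: compare len with the remaining room before any addition,
 * then reject a padded length that wrapped or no longer fits. */
int reserve_ok_checked(const struct msgbuf *m, size_t len, size_t pad)
{
    size_t room, tlen;
    if (m->used > m->size) return 0;
    room = m->size - m->used;
    if (len > room) return 0;
    tlen = pad_len(len, pad);
    return tlen >= len && tlen <= room;
}

/* Hand out space only when the hardened check passes; NULL otherwise. */
void *msg_reserve(struct msgbuf *m, size_t len, size_t pad)
{
    void *p = m->data + m->used;
    if (!reserve_ok_checked(m, len, pad)) return NULL;
    m->used += pad_len(len, pad);
    return p;
}

int main(void)
{
    unsigned char raw[64];
    struct msgbuf m = { raw, sizeof raw, 16 };
    size_t huge = SIZE_MAX - 2;          /* constructed out-of-range length */
    printf("unchecked=%d checked=%d\n",
           reserve_ok_unchecked(&m, huge, 4), reserve_ok_checked(&m, huge, 4));
    return msg_reserve(&m, 20, 4) ? 0 : 1;
}
```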

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64

Fixes

  • BZ - 1231526 - nmcli slow with large numbers of VLANs
  • BZ - 1256822 - [RFE] support ipv6 shared connections
  • BZ - 1312359 - activating vlan on virtual device fails with: failed to determine interface name: error determine name for vlan
  • BZ - 1344303 - hostnamectl set-hostname over-writes existing resolv.conf entries
  • BZ - 1348198 - [RFE] cannot easily change active_slave
  • BZ - 1349266 - NetworkManager adds extra options while bonding mode=6, which causes extra warning
  • BZ - 1351263 - [review] lr/cli-ask-rh4351263: [RFE] allow passing -a to the end of nmcli command
  • BZ - 1360386 - bond slaves of master which is slave of a bridge are sometimes not activated in installer
  • BZ - 1367752 - startin team slave when master has invalid json config leads to infinite connecting state
  • BZ - 1368353 - [NMCI] [abrt] [faf] NetworkManager: g_object_get_property(): /usr/bin/nmcli killed by 11
  • BZ - 1369008 - Once NetworkManager is stopped, the ifcfg files it created via nmtui\cockpit are incompatible with initscripts, since MASTER=UUID instead of MASTER=device_name
  • BZ - 1369380 - NetworkManager.service ignores commented 'ONBOOT=no # comment' lines in ifcfg
  • BZ - 1369716 - Checkpoint/rollback improvements
  • BZ - 1371126 - layer 2-only device is taken down when NetworkManager stops
  • BZ - 1371433 - [RFE] Directly instruct NM to avoid controlling and monitoring a device.
  • BZ - 1376199 - stalled eth4.80 vlan after restart and connection delete
  • BZ - 1378418 - vlan device is down and lost ip once stopping NetworkManager
  • BZ - 1380165 - [NMCI] just last address specified in novice mode is written into profile
  • BZ - 1384937 - [NMCI] team activation timeout with incorrect setup
  • BZ - 1386106 - NM fails to detect Red Hat VPN after first login
  • BZ - 1388286 - Incorrect MAC address set on em1 after interface renaming
  • BZ - 1388613 - [RFE] Allow setting the MTU of mobile broadband connections in NetworkManager
  • BZ - 1391170 - nmcli should show output in non-pretty-printed form for parsing
  • BZ - 1391477 - [bug] ifcfg-rh plugin fails to re-read valid connection 802-1x connection
  • BZ - 1393853 - [NMCI] add team fails after clean install, NM service restart helps
  • BZ - 1393997 - nmcli duplicates a connection after a NetworkManager restart if DHCP_HOSTNAME is defined
  • BZ - 1394334 - [RFE] Improve NetworkManager error handling
  • BZ - 1394344 - [RFE] Improve Multihoming
  • BZ - 1394345 - [RFE] Per-device connection checks
  • BZ - 1394500 - NetworkManager doesn't honor ip address order
  • BZ - 1394579 - improve handling of unmanaged/assumed devices
  • BZ - 1398932 - [RFE] Create dummy-based connection
  • BZ - 1398934 - [RFE] Recognize SRIOV PF and set its num_vfs
  • BZ - 1404148 - NetworkManager assertion failure
  • BZ - 1404594 - [RFE] Export DNS configuration via D-Bus
  • BZ - 1404598 - [RFE] Split NetworkManager PPP support into a separate package
  • BZ - 1405431 - NM changes /etc/resolv.conf even though there is PEERDNS=no in ifcfg-* files
  • BZ - 1413312 - Fix default behavior for cloned-mac-address with rebase in rhel-7.4 after upstream change
  • BZ - 1414103 - rebase NetworkManager package to new upstream version 1.8.x in rhel-7.4
  • BZ - 1420244 - [abrt] [faf] NetworkManager: __strchr_sse42(): /usr/sbin/NetworkManager killed by 11
  • BZ - 1420708 - Stable bond slaves ordering based on the device name
  • BZ - 1421019 - platform-linux: kernel support for IFLA_INET6_ADDR_GEN_MODE failed to detect; assume no support
  • BZ - 1421429 - [RFE] Connection profile user data
  • BZ - 1422610 - NM changes hostname to localhost.localdomain even though no devices are managed by it
  • BZ - 1422786 - make insufficient permission errors more visible (especially in connection down)
  • BZ - 1423490 - [dns] change behavior for rc-manager=symlink to keep /etc/resolv.conf as regular file instead of symlink
  • BZ - 1424641 - Team MAC address changes after reboot or a down/up cycle
  • BZ - 1425409 - add MASTER=dev when creating bond directly with slaves in nmtui
  • BZ - 1425818 - [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1426748 - NM changes /etc/resolv.conf even though there is PEERDNS=no in ifcfg-* files part 2
  • BZ - 1427482 - NetworkManager doesn't see vlan team-slaves after reboot
  • BZ - 1432251 - [abrt] [faf] NetworkManager: raise(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1433303 - NetworkManager leaks NMDevice objects for enslaved veth devices
  • BZ - 1433883 - [NMCI] nmcli connection down broken
  • BZ - 1434317 - Some buttons miss mnemonic character in nm-connection-editor tool
  • BZ - 1434555 - Better handling of bonds with TYPE=Ethernet
  • BZ - 1436600 - [NMCI] [abrt] [faf] NetworkManager: check_activated(): /usr/bin/nmcli killed by 11
  • BZ - 1436601 - [NMCI] [abrt] [faf] NetworkManager: g_logv(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1436602 - [NMCI] [abrt] [faf] NetworkManager: g_logv(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1436770 - NetworkManager service restart is required after FirewallD package installation to get active zone
  • BZ - 1436978 - [abrt] [faf] NetworkManager: raise(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1436990 - [NMCI] bring down connection with id exits with incorrect value
  • BZ - 1436993 - [NMCI] nmcli segfault when entering editor for new connection
  • BZ - 1437438 - [NMCI] [abrt] [faf] NetworkManager: unknown function(): /usr/bin/nmcli killed by 11
  • BZ - 1439118 - NetworkManager wrongly manages veth devices [rhel-7.4-alpha only]
  • BZ - 1440077 - [NMCI] [abrt] [faf] NetworkManager: _g_log_abort(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1440087 - [NMCI] [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1440089 - [NMCI] [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 6
  • BZ - 1440090 - [NMCI] [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 11
  • BZ - 1440171 - [NMCI] wireless device unmanaged after clean install
  • BZ - 1440623 - [NMCI] [abrt] [faf] NetworkManager: g_logv(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1440788 - CVE-2017-0553 libnl: Integer overflow in nlmsg_reserve()
  • BZ - 1440957 - nmcli connection edit interactive is not working for bond-slave
  • BZ - 1442064 - [NMCI] [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1443437 - Cannot send FQDN as DHCP client Host Name (Option 12)
  • BZ - 1443878 - changes in NM assuming of devices causing regressions in Anaconda
  • BZ - 1444374 - [NMCI] [abrt] [faf] NetworkManager: _g_log_abort(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1445414 - ifcfg: try to stay compatible with pykickstart
  • BZ - 1446367 - New IPv6 DAD support lets activation without carrier hang indefinitely
  • BZ - 1448165 - NetworkManager does not track ip configurations on managed, inactive devices
  • BZ - 1448907 - [abrt] [faf] NetworkManager: g_logv(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1448987 - NM does not use new route when adding host route for DHCP server
  • BZ - 1449296 - Connectivity checking timeout=0 does not disable connectivity checking
  • BZ - 1450444 - NM wrongly delays startup complete with 'carrier wait'
  • BZ - 1450459 - backport fix for possible crash in proxy code "nm-pacrunner-manacer.c"
  • BZ - 1452062 - [NMCI] vlan_over_no_L3_bond_restart_persistence failed
  • BZ - 1452585 - Preserve the old behavior of ordering slaves by ifindex by default
  • BZ - 1452648 - (null) in old route syntaxt after calling nmcli modify ipv4.routes
  • BZ - 1454385 - Bluetooth NAP doesn't work
  • BZ - 1456362 - nmcli crashes when setting the 802-1x.password-raw property
  • BZ - 1456826 - tui: fix crash during nmtui-connect
  • BZ - 1456911 - Fix checking for valid VLan ID in NetworkManager connection
  • BZ - 1457242 - manually added IPv6 route is removed when NM is running
  • BZ - 1457909 - [NMCI] nm doesn't match bond connection and a device
  • BZ - 1458399 - periodic connectivity checking broken in 1.8 (needs backport)
  • BZ - 1458567 - nm-connection-editor crashes when editing an Ethernet connection with 802.1X security
  • BZ - 1459579 - [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1459580 - [abrt] [faf] NetworkManager: unknown function(): /usr/sbin/NetworkManager killed by 5
  • BZ - 1459604 - Failed assertion in NetworkManager when removing WWAN modem
  • BZ - 1459813 - [NMCI] ipv4_keep_external_addresses failed
  • BZ - 1459932 - NetworkManager: connectivity check fails on WWAN interface
  • BZ - 1460219 - long device name is cut in nmcli summary
  • BZ - 1460527 - Spurious device name in the output of nmcli device wifi subcommands
  • BZ - 1460760 - Virtio-net interface MTU overwritten to 1500 bytes

CVEs

References