ASA-202102-24 log generated external raw

[ASA-202102-24] connman: multiple issues
Arch Linux Security Advisory ASA-202102-24 ========================================== Severity: Critical Date : 2021-02-12 CVE-ID : CVE-2021-26675 CVE-2021-26676 Package : connman Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1543 Summary ======= The package connman before version 1.39-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 1.39-1. # pacman -Syu "connman>=1.39-1" The problems have been fixed upstream in version 1.39. Workaround ========== None. Description =========== - CVE-2021-26675 (arbitrary code execution) A security issue was found in connman 1.38. A stack buffer overflow can be used to execute code by network adjacent attackers. - CVE-2021-26676 (information disclosure) A security issue was found in connman 1.38. A stack information leak from an uninitialised variable can lead to information disclosure to a remote attacker. This information can be used to help exploiting CVE-2021-26675 reliably. Impact ====== A network adjacent attacker can execute arbitrary code on the affected host. References ========== https://bugs.archlinux.org/task/69583 https://www.openwall.com/lists/oss-security/2021/02/08/2 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://security.archlinux.org/CVE-2021-26675 https://security.archlinux.org/CVE-2021-26676

[ASA-202102-24] connman: multiple issues

Arch Linux Security Advisory ASA-202102-24 ========================================== Severity: Critical Date : 2021-02-12 CVE-ID : CVE-2021-26675 CVE-2021-26676 Package : connman Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1543 Summary ======= The package connman before version 1.39-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 1.39-1. # pacman -Syu "connman>=1.39-1" The problems have been fixed upstream in version 1.39. Workaround ========== None. Description =========== - CVE-2021-26675 (arbitrary code execution) A security issue was found in connman 1.38. A stack buffer overflow can be used to execute code by network adjacent attackers. - CVE-2021-26676 (information disclosure) A security issue was found in connman 1.38. A stack information leak from an uninitialised variable can lead to information disclosure to a remote attacker. This information can be used to help exploiting CVE-2021-26675 reliably. Impact ====== A network adjacent attacker can execute arbitrary code on the affected host. References ========== https://bugs.archlinux.org/task/69583 https://www.openwall.com/lists/oss-security/2021/02/08/2 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://security.archlinux.org/CVE-2021-26675 https://security.archlinux.org/CVE-2021-26676