Security update for NetworkManager SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1494-1 Final 1 1 2019-06-03T05:47:24Z current 2019-06-03T05:47:24Z 2019-06-03T05:47:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for NetworkManager This update for NetworkManager fixes the following issues: Following security issue was fixed: - CVE-2018-1000135: A potential leak of private DNS queries to other DNS servers could happen while on VPN (bsc#1086263, bgo#746422). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1494 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C5HHHP6HRC27GJXSH33SJTDNWTSVTWFT/#C5HHHP6HRC27GJXSH33SJTDNWTSVTWFT E-Mail link for openSUSE-SU-2019:1494-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1086263 SUSE Bug 1086263 https://www.suse.com/security/cve/CVE-2018-1000135/ SUSE CVE CVE-2018-1000135 page openSUSE Leap 15.0 NetworkManager-1.10.6-lp150.4.6.1 NetworkManager-branding-upstream-1.10.6-lp150.4.6.1 NetworkManager-devel-1.10.6-lp150.4.6.1 NetworkManager-devel-32bit-1.10.6-lp150.4.6.1 NetworkManager-lang-1.10.6-lp150.4.6.1 libnm-glib-vpn1-1.10.6-lp150.4.6.1 libnm-glib-vpn1-32bit-1.10.6-lp150.4.6.1 libnm-glib4-1.10.6-lp150.4.6.1 libnm-glib4-32bit-1.10.6-lp150.4.6.1 libnm-util2-1.10.6-lp150.4.6.1 libnm-util2-32bit-1.10.6-lp150.4.6.1 libnm0-1.10.6-lp150.4.6.1 typelib-1_0-NM-1_0-1.10.6-lp150.4.6.1 typelib-1_0-NMClient-1_0-1.10.6-lp150.4.6.1 typelib-1_0-NetworkManager-1_0-1.10.6-lp150.4.6.1 NetworkManager-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 NetworkManager-branding-upstream-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 NetworkManager-devel-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 NetworkManager-devel-32bit-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 NetworkManager-lang-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm-glib-vpn1-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm-glib-vpn1-32bit-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm-glib4-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm-glib4-32bit-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm-util2-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm-util2-32bit-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 libnm0-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 typelib-1_0-NM-1_0-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 typelib-1_0-NMClient-1_0-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 typelib-1_0-NetworkManager-1_0-1.10.6-lp150.4.6.1 as a component of openSUSE Leap 15.0 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. CVE-2018-1000135 openSUSE Leap 15.0:NetworkManager-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:NetworkManager-branding-upstream-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:NetworkManager-devel-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:NetworkManager-devel-32bit-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:NetworkManager-lang-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm-glib-vpn1-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm-glib-vpn1-32bit-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm-glib4-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm-glib4-32bit-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm-util2-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm-util2-32bit-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:libnm0-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:typelib-1_0-NM-1_0-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:typelib-1_0-NMClient-1_0-1.10.6-lp150.4.6.1 openSUSE Leap 15.0:typelib-1_0-NetworkManager-1_0-1.10.6-lp150.4.6.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C5HHHP6HRC27GJXSH33SJTDNWTSVTWFT/#C5HHHP6HRC27GJXSH33SJTDNWTSVTWFT https://www.suse.com/security/cve/CVE-2018-1000135.html CVE-2018-1000135 https://bugzilla.suse.com/1086263 SUSE Bug 1086263