Vulnerability CVE-2018-15688: Information

Description

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-15688

Published: Oct. 26, 2018

Modified: Jan. 31, 2022

Error type identifier: CWE-120

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
NetworkManager	sisyphus	1.14.5-alt1.gitba83251bba87	1.46.0-alt2	ALT-PU-2018-2584-1	216025	Fixed
NetworkManager	p10	1.14.5-alt1.gitba83251bba87	1.46.0-alt1.p10.1	ALT-PU-2018-2584-1	216025	Fixed
NetworkManager	p9	1.14.5-alt1.gitba83251bba87	1.18.11-alt1.gite2fdbc2b7482	ALT-PU-2018-2584-1	216025	Fixed
NetworkManager	p8	1.8.9-alt1.M80P.1.git1d3ce06d137c	1.8.9-alt1.M80P.2.git1d3ce06d137c	ALT-PU-2018-2596-1	216028	Fixed
NetworkManager	c10f1	1.14.5-alt1.gitba83251bba87	1.40.18-alt1.p10.2	ALT-PU-2018-2584-1	216025	Fixed
NetworkManager	c9f2	1.14.5-alt1.gitba83251bba87	1.18.11-alt1.gite2fdbc2b7482	ALT-PU-2018-2584-1	216025	Fixed
systemd	sisyphus	239-alt3	254.10-alt2	ALT-PU-2018-2572-1	215710	Fixed
systemd	p10	239-alt3	249.17-alt2	ALT-PU-2018-2572-1	215710	Fixed
systemd	p9	239-alt3	247.13-alt1	ALT-PU-2018-2572-1	215710	Fixed
systemd	c10f1	239-alt3	249.17-alt2	ALT-PU-2018-2572-1	215710	Fixed
systemd	c9f2	239-alt3	246.14-alt1	ALT-PU-2018-2572-1	215710	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/systemd/systemd/pull/10518	Patch Third Party Advisory
105745	Third Party Advisory VDB Entry
GLSA-201810-10	Third Party Advisory
USN-3807-1	Third Party Advisory
USN-3806-1	Third Party Advisory
[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update	Mailing List Third Party Advisory
RHSA-2018:3665	Third Party Advisory
RHSA-2019:0049	Third Party Advisory
RHBA-2019:0327	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
  End including
  239
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2018-15688: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4