Source: network-manager Version: 1.10.6-2 Severity: normal Tags: security Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=746422
Hi, The following vulnerability was published for network-manager. CVE-2018-1000135[0]: | GNOME NetworkManager version 1.10.2 and earlier contains a Information | Exposure (CWE-200) vulnerability in DNS resolver that can result in | Private DNS queries leaked to local network's DNS servers, while on | VPN. This vulnerability appears to have been fixed in Some Ubuntu | 16.04 packages were fixed, but later updates removed the fix. cf. | https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does | not appear to be available at this time. There is work in progress in [1], [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1000135 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000135 [1] https://bugzilla.gnome.org/process_bug.cgi [2] https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=bg/dns-bgo746422 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
