An update for NetworkManager is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2291 Final 1.0 1.0 2024-10-25 Initial 2024-10-25 2024-10-25 openEuler SA Tool V1.0 2024-10-25 NetworkManager security update An update for NetworkManager is now available for openEuler-24.03-LTS NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is intended to replace default routes, obtain IP addresses from a DHCP server, and change name servers whenever it sees fit. Security Fix(es): A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.(CVE-2024-6501) An update for NetworkManager is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low NetworkManager https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2291 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6501 https://nvd.nist.gov/vuln/detail/CVE-2024-6501 openEuler-24.03-LTS NetworkManager-1.44.2-3.oe2403.aarch64.rpm NetworkManager-bluetooth-1.44.2-3.oe2403.aarch64.rpm NetworkManager-cloud-setup-1.44.2-3.oe2403.aarch64.rpm NetworkManager-debuginfo-1.44.2-3.oe2403.aarch64.rpm NetworkManager-debugsource-1.44.2-3.oe2403.aarch64.rpm NetworkManager-libnm-1.44.2-3.oe2403.aarch64.rpm NetworkManager-libnm-devel-1.44.2-3.oe2403.aarch64.rpm NetworkManager-ppp-1.44.2-3.oe2403.aarch64.rpm NetworkManager-team-1.44.2-3.oe2403.aarch64.rpm NetworkManager-wifi-1.44.2-3.oe2403.aarch64.rpm NetworkManager-wwan-1.44.2-3.oe2403.aarch64.rpm NetworkManager-1.44.2-3.oe2403.src.rpm NetworkManager-1.44.2-3.oe2403.x86_64.rpm NetworkManager-bluetooth-1.44.2-3.oe2403.x86_64.rpm NetworkManager-cloud-setup-1.44.2-3.oe2403.x86_64.rpm NetworkManager-debuginfo-1.44.2-3.oe2403.x86_64.rpm NetworkManager-debugsource-1.44.2-3.oe2403.x86_64.rpm NetworkManager-libnm-1.44.2-3.oe2403.x86_64.rpm NetworkManager-libnm-devel-1.44.2-3.oe2403.x86_64.rpm NetworkManager-ppp-1.44.2-3.oe2403.x86_64.rpm NetworkManager-team-1.44.2-3.oe2403.x86_64.rpm NetworkManager-wifi-1.44.2-3.oe2403.x86_64.rpm NetworkManager-wwan-1.44.2-3.oe2403.x86_64.rpm NetworkManager-config-server-1.44.2-3.oe2403.noarch.rpm NetworkManager-help-1.44.2-3.oe2403.noarch.rpm A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service. 2024-10-25 CVE-2024-6501 openEuler-24.03-LTS Low 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L NetworkManager security update 2024-10-25 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2291