This issue is similar to CVE-2015-2922 (bug 1203712). This might refer to the code below: http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/rdisc/nm-lndp-rdisc.c ... hop_limit = ndp_msgra_curhoplimit (msgra); if (rdisc->hop_limit != hop_limit) { rdisc->hop_limit = hop_limit; changed |= NM_RDISC_CONFIG_HOP_LIMIT; ... CVE was assigned here: http://seclists.org/oss-sec/2015/q2/46
Created NetworkManager tracking bugs for this issue: Affects: fedora-all [bug 1209903]
Created attachment 1012277 [details] patch only to increase (not decrease) the hop-limit
- /* don't allow unreasonable small values */ + /* don't allow unreasonably small values */ LGTM
On current master the patch needs to be rebased after 2316d233e36d, anyway looks OK to me.
merged to master: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=bdaaf9849b0cacf131b71fa2ae168f5db796874f nm-1-0: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=6e8c5b51b16c6a60a533ce753bcc54b7e2e703ca
(In reply to Thomas Haller from comment #6) > merged to > > master: > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/ > ?id=bdaaf9849b0cacf131b71fa2ae168f5db796874f > > nm-1-0: > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/ > ?id=6e8c5b51b16c6a60a533ce753bcc54b7e2e703ca and nm-0-9-10: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d195edb95a543f7eebbd0a164e8ff3bef599370a This issue doesn't affect NetworkManager on RHEL-6, as NM on RHEL-6 doesn't do RA/SLAAC in userspace.
NetworkManager-1.0.2-1.fc22, NetworkManager-openconnect-1.0.2-1.fc22, NetworkManager-vpnc-1.0.2-1.fc22, network-manager-applet-1.0.2-1.fc22, NetworkManager-openvpn-1.0.2-1.fc22, NetworkManager-openswan-1.0.2-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-0.9.10.2-5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1199276 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2315 https://rhn.redhat.com/errata/RHSA-2015-2315.html