| Summary: | connman new security issues CVE-2022-3229[23] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | connman-1.38-2.2.mga8.src.rpm | CVE: | CVE-2022-32292, CVE-2022-32293 |
| Status comment: | | | |
Description
David Walser
2022-08-03 00:59:57 CEST
David Walser
2022-08-03 01:00:18 CEST
Status comment:
(none) =>
Patches available from upstream

Has been maintained by different people, so have to assign this globally.

Assignee:
bugsquad =>
pkg-bugs

Suggested advisory:

========================

The updated packages fix security vulnerabilities:

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. (CVE-2022-32292)

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. (CVE-2022-32293)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32293
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UWUYL7FE7EBPBC7ZEMY2Q5OKW2V6KZ5F/

========================

Updated packages in core/updates_testing:

========================

connman-1.38-2.3.mga8
connman-devel-1.38-2.3.mga8

from SRPM:
connman-1.38-2.3.mga8.src.rpm

Status:
NEW =>
ASSIGNED

MGA8-64 Plasma on Acer Aspire 5253

No installation issues, including econnman.

Ref bug 29945 and 28321 for testing

quit net-applet, got message that wifi was disconnected

```
# systemctl start connman
# systemctl status connman
● connman.service - Connection service
     Loaded: loaded (/usr/lib/systemd/system/connman.service; disabled; vendor preset: disabled)
     Active: active (running) since Wed 2022-08-24 10:16:00 CEST; 21s ago
   Main PID: 10123 (connmand)
      Tasks: 1 (limit: 4364)
     Memory: 1.1M
        CPU: 187ms
     CGroup: /system.slice/connman.service
             └─10123 /usr/sbin/connmand -n

Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: enp6s0 {newlink} index 2 address 1C:75:08:FA:94:52 mtu 1500
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: enp6s0 {newlink} index 2 operstate 2 <DOWN>
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: Adding interface enp6s0 [ ethernet ]
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: wlp7s0 {create} index 3 type 1 <ETHER>
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: wlp7s0 {RX} 46584 packets 58975774 bytes
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: wlp7s0 {TX} 16977 packets 1912095 bytes
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: wlp7s0 {update} flags 36866 <DOWN>
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: wlp7s0 {newlink} index 3 address 90:00:4E:73:13:B3 mtu 1500
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: wlp7s0 {newlink} index 3 operstate 2 <DOWN>
Aug 24 10:16:01 mach7.hviaene.thuis connmand[10123]: Adding interface wlp7s0 [ wifi ]
[root@mach7 ~]# connmanctl enable wifi
Enabled wifi
[root@mach7 ~]# connmanctl scan wifi
Error /net/connman/technology/wifi: No carrier
```

But I noticed that the wifi connection was up again.

And

```
# econnman-bin
Traceback (most recent call last):
  File "/usr/bin/econnman-bin", line 1496, in <module>
    win = Window("econnman", ELM_WIN_BASIC)
  File "efl/elementary/window.pxi", line 45, in efl.elementary.__init__.Window.__init__
  File "efl/elementary/object.pxi", line 111, in efl.elementary.__init__.Object._set_obj
  File "efl/evas/efl.evas_object.pxi", line 198, in efl.evas.Object._set_obj
  File "efl/eo/efl.eo.pyx", line 254, in efl.eo.Eo._set_obj
AssertionError: Cannot set a NULL object
```

I'm hopeless with this tool.......

CC:
(none) =>
herman.viaene

No installation issues updating over the previous version. I have never had much success operating this, either.

I attempted to run the same tests I used in Bug 29945 and bug 28321, with results the same as in the older one. The tool fails to connect to my wifi because of an input/output error with the passphrase. I don't recall what I did differently in bug 29945 to get it to connect.

I'm giving it an OK based mostly on the clean installs, and the fact that I got as far as I did attempting to use it, without crashing it. If this is insufficient, I'm willing to try again, but I'll need some handholding to do it.

Validating. Advisory in Comment 2.

CC:
(none) =>
andrewsfarm, sysadmin-bugs
Dave Hodgins
2022-09-07 05:15:33 CEST
CC:
(none) =>
davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0319.html

Resolution:
(none) =>
FIXED