CVE-2022-4968

NameCVE-2022-4968
Descriptionnetplan leaks the private key of wireguard to local users. A security fix will be released soon.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1072789

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netplan.io (PTS)buster0.95-2vulnerable
bullseye0.101-4vulnerable
bookworm0.106-2+deb12u1vulnerable
trixie1.0-3vulnerable
sid1.0-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netplan.iosource(unstable)(unfixed)1072789

Notes

[bookworm] - netplan.io <no-dsa> (Minor issue)
[bullseye] - netplan.io <no-dsa> (Minor issue)
[buster] - netplan.io <postponed> (Minor issue)
https://bugs.launchpad.net/netplan/+bug/1987842
https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738

Search for package or bug name: Reporting problems