{"schema_version": "1.7.0", "id": "RLSA-2025:0377", "modified": "2025-03-17T20:18:45.442025Z", "published": "2025-03-17T20:16:43.608626Z", "upstream": ["CVE-2024-3661"], "summary": "Moderate: Security and bug fixes for NetworkManager", "details": "NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity and bug fix(es):\n\n* Routes in table different to main are not deleted on reapply [rhel-9.5.z] (JIRA:Rocky Linux-73013)\n* Route to VPN server not stored in routing table that is specified by ipv4.route-table [rhel-9.5.z] (JIRA:Rocky Linux-73166)\n* VPN connections do not support ipv4.routing-rules settings [rhel-9.5.z] (JIRA:Rocky Linux-73167)\n* CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic [rhel-9.5.z] (JIRA:Rocky Linux-64726)", "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "NetworkManager", "purl": "pkg:rpm/rocky-linux/NetworkManager?distro=rocky-linux-9&epoch=1"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:1.48.10-5.el9_5"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2025:0377"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}