
[SECURITY] [DLA 3837-1] libndp security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3837-1                [email protected]
https://www.debian.org/lts/security/                           Chris Lamb
June 19, 2024                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libndp
Version        : 1.6-1+deb10u1
CVE ID         : CVE-2024-5564
Debian Bug     : 1072366

It was discovered that there was a buffer overflow vulnerability in
libndp, a library for implementing IPv6's "Neighbor Discovery
Protocol" (NDP) that is used by Network Manager and other networking
tools.

A local, malicious user could have caused a buffer overflow in
Network Manager by sending a malformed IPv6 router advertisement
packet. This issue existed because libndp was not correctly
validating route length information.

For Debian 10 buster, this problem has been fixed in version
1.6-1+deb10u1.

We recommend that you upgrade your libndp packages.

For the detailed security status of libndp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libndp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
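
The kind of length validation whose absence the advisory describes, as an added example: this is not libndp's code and not the Debian patch. It assumes the "route length information" is the Route Information option of RFC 4191 (type 24); the function, enum and sample buffers are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_OPT_ROUTE_INFO 24 /* option type assigned by RFC 4191 */

enum ri_status { RI_OK, RI_TRUNCATED, RI_BAD_TYPE, RI_BAD_LEN, RI_BAD_PREFIX };

/* Hypothetical validator for one Route Information option at buf[0..avail).
 * Layout: type(1) length(1, units of 8 octets) prefix_len(1) flags(1)
 * lifetime(4) prefix(0, 8 or 16 octets). */
enum ri_status ri_opt_validate(const uint8_t *buf, size_t avail)
{
    if (buf == NULL || avail < 8)
        return RI_TRUNCATED;               /* fixed 8-octet header missing */
    if (buf[0] != ND_OPT_ROUTE_INFO)
        return RI_BAD_TYPE;
    size_t opt_len = (size_t)buf[1] * 8;   /* total option size in octets */
    size_t prefix_bits = buf[2];
    if (buf[1] < 1 || buf[1] > 3)
        return RI_BAD_LEN;                 /* only 1, 2 or 3 are defined */
    if (opt_len > avail)
        return RI_TRUNCATED;               /* option claims more than was received */
    if (prefix_bits > 128)
        return RI_BAD_PREFIX;
    /* The prefix octets implied by prefix_len must fit inside the option. */
    if ((prefix_bits + 7) / 8 > opt_len - 8)
        return RI_BAD_PREFIX;
    return RI_OK;
}

/* Constructed sample options (not captured traffic). */
static const uint8_t ri_valid[24] = { 24, 3, 48, 0, 0, 0, 0x0e, 0x10,
    0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01 };             /* 2001:db8:1::/48 */
static const uint8_t ri_short[16] = { 24, 2, 96, 0, 0, 0, 0x0e, 0x10,
    0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01, 0x00, 0x00 }; /* /96 in 8 octets */
static const uint8_t ri_zero_len[8] = { 24, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    printf("valid=%d short=%d zero_len=%d\n",
           ri_opt_validate(ri_valid, sizeof ri_valid),
           ri_opt_validate(ri_short, sizeof ri_short),
           ri_opt_validate(ri_zero_len, sizeof ri_zero_len));
    return 0;
}
```

A parser that copies the prefix only after this check returns RI_OK never reads or writes past the octets the option actually carries.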
