Headline
Debian Security Advisory 5713-1
Debian Linux Security Advisory 5713-1 - A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5713-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffJune 16, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : libndpCVE ID : CVE-2024-5564A buffer overflow was discovered in libndp, a library implementing theIPv6 Neighbor Discovery Protocol (NDP), which could result in denial ofservice or potentially the execution of arbitrary code if malformedIPv6 router advertisements are processed.For the oldstable distribution (bullseye), this problem has been fixedin version 1.6-1+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.8-1+deb12u1.We recommend that you upgrade your libndp packages.For the detailed security status of libndp please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libndpFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZvJhIACgkQEMKTtsN8TjaFxRAAoZ0KcqyXTKSql5dnEURXQPpbzVnjYd4xnEzbunVupRTJnFmDpF/huBYl+Owh85Et0uUvEwYZIGb5bt47jStw4iBHYSG7AaWWPWmlqPT2izu461AL1njjDJh0i3BPGxTm1lY1k8tnUZkPp08BonJKnesSsogiFy51L0Apmug3/UJu9HrsUGGeVsI3oFHgxQWAe92f/9mTzst0J1BoGYC66n2CUISVUBUmyCBBKiPWbzVX5fSMu5ZAgRCCm+8VcEgFG2zZmOxaWqhlKmWNcraAsJmi4Y4Isp7AsmYFjHogY/jURDf5Y/CcdGuKwyGThk0sU67kbEgQDkCW+40OGU+WuEE+5cU5FytNZzNunsu9BZM+YqwrtRHBZhmJMr1+io9pJaX/a2wQqiHxOsb8wKbWnykDmgXRHd3qAj/XzRjzipebfr+5N7wOee8JritwniCimSSD3Uaev7HdFWO6DbhQZNH+EKpSgAZY0JlM96yIUafH6dwnH3NM/bBYP0iEbm+bXE8emF4XfkAU5TZuvPmsQgKCf8idgcHAE9a0jSv8e5bi4JNa0adLO+0B9RtuOhRGjhTtkkzwYeU1/07vGnQrZasDjZoFgHcnrXqD8hDFVYX4z8T4pn0AMe1BXLaAx83D8JOX2SqP6qiiwOGViSDyZl/JUGQ/zmUf2rEDU6fXBic==ilxi-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2024-4642-03 - An update for libndp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4643-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4641-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4640-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4636-03 - An update for libndp is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4622-03 - An update for libndp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4620-03 - An update for libndp is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 6830-1 - It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.