Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6830-1

Ubuntu Security Notice 6830-1 - It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-6830-1
June 12, 2024

libndp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

libndp could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:

  • libndp: Library for Neighbor Discovery Protocol

Details:

It was discovered that libndp incorrectly handled certain malformed IPv6
router advertisement packets. A local attacker could use this issue to
cause NetworkManager to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libndp0 1.8-1fakesync1ubuntu0.24.04.1

Ubuntu 23.10
libndp0 1.8-1fakesync1ubuntu0.23.10.1

Ubuntu 22.04 LTS
libndp0 1.8-0ubuntu3.1

Ubuntu 20.04 LTS
libndp0 1.7-0ubuntu1.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6830-1
CVE-2024-5564

Package Information:
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/libndp/1.8-0ubuntu3.1
https://launchpad.net/ubuntu/+source/libndp/1.7-0ubuntu1.1

Related news

Red Hat Security Advisory 2024-4642-03

Red Hat Security Advisory 2024-4642-03 - An update for libndp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-4643-03

Red Hat Security Advisory 2024-4643-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-4641-03

Red Hat Security Advisory 2024-4641-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-4640-03

Red Hat Security Advisory 2024-4640-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-4636-03

Red Hat Security Advisory 2024-4636-03 - An update for libndp is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-4622-03

Red Hat Security Advisory 2024-4622-03 - An update for libndp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-4620-03

Red Hat Security Advisory 2024-4620-03 - An update for libndp is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

Debian Security Advisory 5713-1

Debian Linux Security Advisory 5713-1 - A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.

Packet Storm: Latest News

Scapy Packet Manipulation Tool 2.6.1