Ubuntu Security Notice USN-6830-1
Ubuntu Security Notice 6830-1 - It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.
June 12, 2024
libndp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
libndp could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- libndp: Library for Neighbor Discovery Protocol
Details:
It was discovered that libndp incorrectly handled certain malformed IPv6
router advertisement packets. A local attacker could use this issue to
cause NetworkManager to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  libndp0  1.8-1fakesync1ubuntu0.24.04.1
Ubuntu 23.10
  libndp0  1.8-1fakesync1ubuntu0.23.10.1
Ubuntu 22.04 LTS
  libndp0  1.8-0ubuntu3.1
Ubuntu 20.04 LTS
  libndp0  1.7-0ubuntu1.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
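To confirm that a host has picked up the fix, the installed libndp0 version can be compared against the fixed versions listed above. The script below is an added example, not part of the Ubuntu notice; the function names are illustrative, and it assumes a dpkg-based system that exposes VERSION_ID in /etc/os-release.

```sh
#!/bin/sh
# Added example, not part of USN-6830-1. Function names are illustrative.

# Fixed libndp0 version per Ubuntu release, copied from the notice above.
fixed_version_for() {
    case "$1" in
        24.04) echo "1.8-1fakesync1ubuntu0.24.04.1" ;;
        23.10) echo "1.8-1fakesync1ubuntu0.23.10.1" ;;
        22.04) echo "1.8-0ubuntu3.1" ;;
        20.04) echo "1.7-0ubuntu1.1" ;;
        *)     return 1 ;;
    esac
}

# libndp_status RELEASE INSTALLED_VERSION
# Prints PATCHED, VULNERABLE, NOT_INSTALLED or UNKNOWN_RELEASE.
libndp_status() {
    [ -n "$2" ] || { echo NOT_INSTALLED; return 0; }
    fixed=$(fixed_version_for "$1") || { echo UNKNOWN_RELEASE; return 0; }
    # dpkg applies Debian version ordering, which plain string comparison does not.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Report the state of the local host; skipped when dpkg is not present.
check_local_host() {
    command -v dpkg >/dev/null 2>&1 || { echo "dpkg not found, skipping"; return 0; }
    release=$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID")
    # One line per installed architecture; the first is enough for the check.
    installed=$(dpkg-query -W -f='${Version}\n' libndp0 2>/dev/null | head -n 1)
    echo "release=${release:-unknown} libndp0=${installed:-none}" \
         "status=$(libndp_status "$release" "$installed")"
}

check_local_host
```

A PATCHED result reflects the package database only; as the notice states, a reboot is still needed before the update takes full effect.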
References:
https://ubuntu.com/security/notices/USN-6830-1
CVE-2024-5564
Package Information:
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/libndp/1.8-0ubuntu3.1
https://launchpad.net/ubuntu/+source/libndp/1.7-0ubuntu1.1
Related news
Red Hat Security Advisory 2024-4642-03 - An update for libndp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4643-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4641-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4640-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4636-03 - An update for libndp is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4622-03 - An update for libndp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4620-03 - An update for libndp is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
Debian Linux Security Advisory 5713-1 - A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.