[SECURITY] [DLA 3837-1] libndp security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3837-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
June 19, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libndp
Version : 1.6-1+deb10u1
CVE ID : CVE-2024-5564
Debian Bug : 1072366
It was discovered that there was a buffer overflow vulnerability in
libndp, a library for implementing IPv6's "Neighbor Discovery
Protocol" (NDP) and is used by Network Manager and other networking
tools.
A local, malicious user could have caused a buffer overflow in
Network Manager by sending a malformed IPv6 router advertisement
packet. This issue existed because libndp was not correctly
validating route length information.
For Debian 10 buster, this problem has been fixed in version
1.6-1+deb10u1.
We recommend that you upgrade your libndp packages.
For the detailed security status of libndp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libndp
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmZzJXoACgkQHpU+J9Qx
HlgN3BAAtdNeiDGbZyz68K+pdYBMWQgchRQCPo9/EXKG+PNFylXtqAvAMlGVne3u
pHt3hI+9eAqeNVDo3ZMPj12kLa2o9isrxx7CyxK7UImaWTX1ErmbCNMBfCGVQGLI
ivZDEbX+kpps6frXTrpsdZV8Q7/VvmF5EsOucIMd06nnA5eiZvBn1tm4VSPpsHLL
d3jOJqEuW3QHH50k6COdbcgvpzdiH7Ga5zxO56ehdyDpu6x+vHFwvypWQjhO7d7+
WYn6yJzfagxCIBZChb/1xKLR2tEawCt1D/Hwsmg+pcsvR7ydyo/Q6RmACbYH+ZI3
s7Hw5eHUFk2G269/WGl+rx1bRzyo/efayZltfWmlRafVHMbfR87oYr4se6PmZyGj
FzhgDm3sJ7xXQUWtuCkRtsYYjGdOk+n8cDRG2Hq63ciYFR6O+tm627mIKtGD+EuA
OgG1H/O32cGb+s4QwJwIjja94As7enEUQfZqgpxgfJc+Q7UvwL+gpNSBaMPm9hjy
kVoS516gfdVqtaLtDCxcHPkhJaUkfY8irUednHqBI5QkIFIz9CsxKAID8VV6InUf
9lDVKts+y0LhDaQ2+y8JkH+3B9Y6jHkPYGhpJTN+jVhs2kitUCBIrfnBRpmrwMq3
I+zrfiVPdY7//8N5boqxStlsSTg1O4T4Rx3u3HQM25qgiPsqNFg=
=H5HP
-----END PGP SIGNATURE-----
Reply to: