-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3837-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 19, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libndp Version : 1.6-1+deb10u1 CVE ID : CVE-2024-5564 Debian Bug : 1072366 It was discovered that there was a buffer overflow vulnerability in libndp, a library for implementing IPv6's "Neighbor Discovery Protocol" (NDP) and is used by Network Manager and other networking tools. A local, malicious user could have caused a buffer overflow in Network Manager by sending a malformed IPv6 router advertisement packet. This issue existed because libndp was not correctly validating route length information. For Debian 10 buster, this problem has been fixed in version 1.6-1+deb10u1. We recommend that you upgrade your libndp packages. For the detailed security status of libndp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libndp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmZzJXoACgkQHpU+J9Qx HlgN3BAAtdNeiDGbZyz68K+pdYBMWQgchRQCPo9/EXKG+PNFylXtqAvAMlGVne3u pHt3hI+9eAqeNVDo3ZMPj12kLa2o9isrxx7CyxK7UImaWTX1ErmbCNMBfCGVQGLI ivZDEbX+kpps6frXTrpsdZV8Q7/VvmF5EsOucIMd06nnA5eiZvBn1tm4VSPpsHLL d3jOJqEuW3QHH50k6COdbcgvpzdiH7Ga5zxO56ehdyDpu6x+vHFwvypWQjhO7d7+ WYn6yJzfagxCIBZChb/1xKLR2tEawCt1D/Hwsmg+pcsvR7ydyo/Q6RmACbYH+ZI3 s7Hw5eHUFk2G269/WGl+rx1bRzyo/efayZltfWmlRafVHMbfR87oYr4se6PmZyGj FzhgDm3sJ7xXQUWtuCkRtsYYjGdOk+n8cDRG2Hq63ciYFR6O+tm627mIKtGD+EuA OgG1H/O32cGb+s4QwJwIjja94As7enEUQfZqgpxgfJc+Q7UvwL+gpNSBaMPm9hjy kVoS516gfdVqtaLtDCxcHPkhJaUkfY8irUednHqBI5QkIFIz9CsxKAID8VV6InUf 9lDVKts+y0LhDaQ2+y8JkH+3B9Y6jHkPYGhpJTN+jVhs2kitUCBIrfnBRpmrwMq3 I+zrfiVPdY7//8N5boqxStlsSTg1O4T4Rx3u3HQM25qgiPsqNFg= =H5HP -----END PGP SIGNATURE-----
