Wednesday, June 12, 2024

[USN-6830-1] libndp vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmZpnf8ACgkQZWnYVadE
vpMR8BAAoUp8l09v3lZi8lvt8v+bIUHRS7LBMLfJ4F6pEYel9MBEozdeCRubHhN6
jpJ6RJy/SobybTDzma1a/Pofi42ByorQHCWveNGucnDUZMBDYy1VgS1oKpAE5FBN
6DXiI4LQu7+6uAVvCDDGr5i7AuovrtZLt+BSNOINDsj0T3z2Rgzb8kOLhzx7frXz
yA3yV8UNNekLPxc+p6bOksJEaOBX+h/lkh23Smxz6rgfnAw8K5OHn3H0XQQxxg9b
/Iyj820VQ72Pfxw/Nepry7J4nVLN2zNGqFpWYrPNBt6m7VS6+QGW3gQFzZI0RiIO
nBxYAWC2wvz5LiwFBhQPF7igaj5LqH9Oa4a4lOiVoZ41WXE0vYNUGd+93tPzuHvn
dS78OjFsdZ8YPS0SPiAcoqvJDTlH0Q/esy/ynUlJ61Q4/T4Xaqsx7223HQEDwJOb
Vw3H2xT4lL9LCpZ8eOeVRdJjs2LIyslMgKNWrwWrFO5SUWZv08m78kFqbBnp5ftk
XK+K6FwfPmkqbTXOGGjXqtVypSBwFeAw7Mqe8a2Sg8ihJwP0L6KfM8ms+9imGzfF
j74k88f2EKuOCcG+GNsTsfFZx9bhperPlXWGLNjSdtfwROwCOTbBQ71gt+5w+U0D
1X0At8VEU8VRBs3iW+8zSLhVyZlH3IkGc9V2uk9o8mz0Lg+5x3w=
=hapg
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6830-1
June 12, 2024

libndp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

libndp could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- libndp: Library for Neighbor Discovery Protocol

Details:

It was discovered that libndp incorrectly handled certain malformed IPv6
router advertisement packets. A local attacker could use this issue to
cause NetworkManager to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libndp0 1.8-1fakesync1ubuntu0.24.04.1

Ubuntu 23.10
libndp0 1.8-1fakesync1ubuntu0.23.10.1

Ubuntu 22.04 LTS
libndp0 1.8-0ubuntu3.1

Ubuntu 20.04 LTS
libndp0 1.7-0ubuntu1.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6830-1
CVE-2024-5564

Package Information:
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/libndp/1.8-0ubuntu3.1
https://launchpad.net/ubuntu/+source/libndp/1.7-0ubuntu1.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)