Tuesday, February 4, 2025

[USN-7248-1] libndp vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmeiIJ0FAwAAAAAACgkQ8pSCVQZYHygr
hw//TLglRGarSfF5xSKvzCak+ieFH5GgOM/LNme2t8A76jsiorghP4DSimm9Ampui37+9KmJfyxl
1gfJewOdmGvvudrNVNC2KQRkUILeAZEJpWMJVkmV0v7N7LvG02ci09/8qtu942SkTKPFxbOiB+xs
XWHOgNDCP0wYpZdaPtnigehTkrSKjrd1oM6M5Ew6Z6LISGiydL/rd9foR4MFX6vcKa0QyrsaLDlF
uQW1yyCReXHjSWSEjVc5b98ppegCm7iubgxF3mc6hbJ5W1hsOCqJ7gRnQehrdxx7Gz0vvl8NjFV+
0WbbYp60xPhdhUF6lJVR7cwhuTdjrlz1ZSBERwMdqmw38A5+C1Y5dyNFCXqk8fnIUhw8gPPMgcL/
ILP5yIuNkGYD/LKNygWPZ0VsxMLQUw8ewLbogq1LMWn5d5f98UiR2t8OWmyqD5tV0c+htUJAChqH
+SI886ebbmmLzD4AUPmusb+H5f/9X15FhptObhU38lI1vQR0+X0XfosaLgg7nbGrQ8U1tv0hSHN3
K4MfX3617Q4iFvbDsr8gnz62UaHEbpstbuhxPhLnXjPwPOrjloqfo0XJJ4Xoolso0SfKyS/yRPzp
ccZitMAwchW8mNOM69V6hN6hKEKy9TXS7SfGcG/wxgQW2wQ8Z2DkEoE0g/t2n5bPsitqspqneIq5
GVY=
=vXUu
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7248-1
February 03, 2025

libndp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

libndp could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- libndp: Library for Neighbor Discovery Protocol

Details:

It was discovered that libndp incorrectly handled certain malformed IPv6
router advertisement packets. A local attacker could possibly use this
issue to cause NetworkManager to crash, resulting in a denial of service,
or the execution of arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libndp0                         1.6-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libndp0                         1.4-2ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7248-1
  CVE-2024-5564

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)