libndp-1.7-7.el8_10.ML.1

エラータID: AXSA:2024-8582:01

Release date: 
Friday, July 19, 2024 - 22:39
Subject: 
libndp-1.7-7.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

* libndp: buffer overflow in route information length field (CVE-2024-5564)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

CVE-2024-5564
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Solution: 

Update packages.

CVEs: 
CVE-2024-5564
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Additional Info: 

N/A

Download: 

SRPMS
  1. libndp-1.7-7.el8_10.ML.1.src.rpm
    MD5: 23d277b10ecd4529ad301887396bd66a
    SHA-256: 12d3de6c5705eee0be0affb4ac5fc5af3a23ecb2b07c1a0c79b23dda30915aa8
    Size: 378.20 kB

Asianux Server 8 for x86_64
  1. libndp-1.7-7.el8_10.ML.1.i686.rpm
    MD5: 108208a02f698355d445a4cdc8dc46d8
    SHA-256: 590007ea167c6251af8e5a76d05be67a46c168ee11f749eff46760e0e44ca8f1
    Size: 40.63 kB
  2. libndp-1.7-7.el8_10.ML.1.x86_64.rpm
    MD5: 125ec7d4896420999de1323b508080d3
    SHA-256: 8ffb69f7e7b9b1d5eb187977edc46b6e1b0900cca35069448125edaea83b03a0
    Size: 39.57 kB