libndp-1.8-6.el9_4.ML.1

エラータID: AXSA:2024-8585:02

Release date: 
Monday, July 22, 2024 - 10:56
Subject: 
libndp-1.8-6.el9_4.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

* libndp: buffer overflow in route information length field (CVE-2024-5564)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-5564
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Solution: 

Update packages.

CVEs: 
CVE-2024-5564
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
Additional Info: 

N/A

Download: 

SRPMS
  1. libndp-1.8-6.el9_4.ML.1.src.rpm
    MD5: d7d57f2fe9b7455676373fa1a238e0ef
    SHA-256: 0282f318ec78889786397371da83e4fce35aa6856ed6ed5c1136595a45a5f157
    Size: 366.75 kB

Asianux Server 9 for x86_64
  1. libndp-1.8-6.el9_4.ML.1.i686.rpm
    MD5: c5c345060370ac0e385c278839311cbd
    SHA-256: aaaf0348543417be871f2068397e4ebefff22e895be5ebfcb67e775a83918ac9
    Size: 36.77 kB
  2. libndp-1.8-6.el9_4.ML.1.x86_64.rpm
    MD5: fc830ce400e094645b88bb4abca3c588
    SHA-256: fad1627d0d066af1d10aba845d4c0db64000d48b89c607e19cc25f5a26f51965
    Size: 36.12 kB