Important: libndp security update

2024-07-1800:00:00

errata.almalinux.org

libndp

security update

buffer overflow

route information

networkmanager

ipv6

neighbor discovery protocol

ndptool

cve-2024-5564

unix

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

Percentile

13.8%

JSON

Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

libndp: buffer overflow in route information length field (CVE-2024-5564)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8i686libndp< 1.7-7.el8_10.alma.1libndp-1.7-7.el8_10.alma.1.i686.rpm
almalinux8aarch64libndp< 1.7-7.el8_10.alma.1libndp-1.7-7.el8_10.alma.1.aarch64.rpm
almalinux8x86_64libndp< 1.7-7.el8_10.alma.1libndp-1.7-7.el8_10.alma.1.x86_64.rpm
almalinux8ppc64lelibndp< 1.7-7.el8_10.alma.1libndp-1.7-7.el8_10.alma.1.ppc64le.rpm
almalinux8s390xlibndp< 1.7-7.el8_10.alma.1libndp-1.7-7.el8_10.alma.1.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	i686	libndp	< 1.7-7.el8_10.alma.1	libndp-1.7-7.el8_10.alma.1.i686.rpm
almalinux	8	aarch64	libndp	< 1.7-7.el8_10.alma.1	libndp-1.7-7.el8_10.alma.1.aarch64.rpm
almalinux	8	x86_64	libndp	< 1.7-7.el8_10.alma.1	libndp-1.7-7.el8_10.alma.1.x86_64.rpm
almalinux	8	ppc64le	libndp	< 1.7-7.el8_10.alma.1	libndp-1.7-7.el8_10.alma.1.ppc64le.rpm
almalinux	8	s390x	libndp	< 1.7-7.el8_10.alma.1	libndp-1.7-7.el8_10.alma.1.s390x.rpm