Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201510-25 ========================================= Severity: Medium Date : 2015-10-30 CVE-ID : CVE-2015-8011 CVE-2015-8012 Package : lldpd Type : denial of service Remote : Yes Link : Summary ====== The package lldpd before version 0.7.19-1 is vulnerable denial of service. Resolution ========= Upgrade to 0.7.19-1. # pacman -Syu "lldpd>=0.7.19-1" The problems have been fixed upstream in version 0.7.19. Workaround ========= None. Description ========== - CVE-2015-5714 (denial of service) A buffer overflow has been discovered when handling management address TLV. When a remote device was advertising a too large management address while still respecting TLV boundaries, lldpd would crash due to a buffer overflow. - CVE-2015-5715 (denial of service) A vulnerability has been discovered that is triggering an application crash while using assert() if a malformed packet is handled. Impact ===== A remote attacker is able to crash the application leading to denial of service. References ========= https://www.cve.org/CVERecord?id=CVE-2015-8011 https://www.cve.org/CVERecord?id=CVE-2015-8012 https://seclists.org/oss-sec/2015/q4/198