Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Ubuntu 22.04: 2023-45f7abc123 Serious: NetworkManager DoS And Memory Leak

fedora
Calendar Grey April 20, 2023
Dist Fedora Esm H88
Address critical NetworkManager DoS and memory leak vulnerabilities impacting Ubuntu 22.04 systems.
Update to the latest 1.0.16: * Lots of updates, enhancements and fixes from 1.0.4 * CVEs: CVE-2020-27827, CVE-2021-43612

Summary

LLDP is an industry standard protocol designed to supplant proprietary

Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide

an inter-vendor compatible mechanism to deliver Link-Layer notifications

to adjacent network devices.

Update to the latest 1.0.16: * Lots of updates, enhancements and fixes from

1.0.4 * CVEs: CVE-2020-27827, CVE-2021-43612

* Tue Apr 11 2023 Peter Robinson - 1.0.16-1

- Update to 1.0.16

- Modernise spec file

- CVEs: CVE-2020-27827, CVE-2020-27827, CVE-2021-43612

* Thu Jan 19 2023 Fedora Release Engineering - 1.0.4-12

- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Thu Dec 8 2022 Florian Weimer - 1.0.4-11

- Port configure script to C99

* Thu Jul 21 2022 Fedora Release Engineering - 1.0.4-10

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[ 1 ] Bug #1797336 - lldpd-1.0.16 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1797336

[ 2 ] Bug #1921441 - CVE-2020-27827 lldpd: lldp/openvswitch: denial of service via externally triggered memory leak [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1921441

[ 3 ] Bug #2040390 - CVE-2021-43612 lldpd: heap-based buffer overflow [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2040390

su -c 'dnf upgrade --advisory FEDORA-2023-3e4feeadec' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow Fedora critical severity lldpd

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 1.0.16
Release: 1.fc36
URL: https://github.com/lldpd/
Summary: ISC-licensed implementation of LLDP

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow Fedora critical severity lldpd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here