Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Ubuntu 16.04 LTS USN-2980-1 Critical: libndp NDP Message Risk

Calendar May 17, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network attack libndp
libndp could be tricked into accepting an NDP message from outside the local network. 
=========================================================================Ubuntu Security Notice USN-2980-1
May 17, 2016

libndp vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10

Summary:

libndp could be tricked into accepting an NDP message from outside the
local network.

Software Description:
- libndp: Library for Neighbor Discovery Protocol

Details:

Julien Bernard discovered that libndp incorrectly performed origin checks
when receiving Neighbor Discovery Protocol (NDP) messages. A remote
attacker outside of the local network could use this issue to advertise a
node as a router, causing a denial of service, or possibly to act as a man
in the middle.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libndp0                         1.4-2ubuntu0.16.04.1

Ubuntu 15.10:
  libndp0                         1.4-2ubuntu0.15.10.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2980-1
  CVE-2016-3698

Package Information:
  https://launchpad.net/ubuntu/+source/libndp/1.4-2ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/libndp/1.4-2ubuntu0.15.10.1

Ubuntu 16.04 LTS USN-2980-1 Critical: libndp NDP Message Risk

ubuntu
Calendar Grey May 17, 2016
Dist Ubuntu Esm H88
Ensure your Ubuntu system is up-to-date to address the libndp security vulnerability that poses risks for network exploitation and service interruptions.
libndp could be tricked into accepting an NDP message from outside the local network.

Summary

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network attack libndp

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libndp0 1.4-2ubuntu0.16.04.1 Ubuntu 15.10: libndp0 1.4-2ubuntu0.15.10.1 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2980-1

CVE-2016-3698

Severity
critical
Lowest
Low
Medium
High
Critical

May 17, 2016

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network attack libndp

Package Information

https://launchpad.net/ubuntu/+source/libndp/1.4-2ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/libndp/1.4-2ubuntu0.15.10.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here