Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1225771 Cross-References: * CVE-2024-5564 . # Security update for libndp Announcement ID: SUSE-SU-2025:20088-1 Release Date: 2025-02-03T09:09:40Z Rating: important References: * bsc#1225771 Cross-References: * CVE-2024-5564 CVSS scores: * CVE-2024-5564 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-5564 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for libndp fixes the following issues: * CVE-2024-5564: Fixed buffer overflow in route information length field (bsc#1225771). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-107=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libndp0-debuginfo-1.8-3.1 * libndp0-1.8-3.1 * libndp-debugsource-1.8-3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-5564.html * https://bugzilla.suse.com/show_bug.cgi?id=1225771 . Important SUSE patch for libndp fixes buffer overflow vulnerability in SUSE Linux Micro. Make sure your system is protected.. SUSE Linux, libndp, security patch, buffer overflow, Linux updates. . Severity: Important. LinuxSecurity.com Team
* bsc#1225771 Cross-References: * CVE-2024-5564 . # Security update for libndp Announcement ID: SUSE-SU-2025:20088-1 Release Date: 2025-02-03T09:09:40Z Rating: important References: * bsc#1225771 Cross-References: * CVE-2024-5564 CVSS scores: * CVE-2024-5564 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-5564 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for libndp fixes the following issues: * CVE-2024-5564: Fixed buffer overflow in route information length field (bsc#1225771). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-107=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libndp0-debuginfo-1.8-3.1 * libndp-debugsource-1.8-3.1 * libndp0-1.8-3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-5564.html * https://bugzilla.suse.com/show_bug.cgi?id=1225771 . Critical security patch released for SUSE Linux Micro addressing buffer overflow vulnerability in libndp related to CVE-2024-5564. Update immediately!. SUSE Linux Micro, libndp update, CVE-2024-5564, buffer overflow fix, important security update. . Severity: Important. LinuxSecurity.com Team
libndp could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7248-1 February 03, 2025 libndp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: libndp could be made to crash or run programs if it received specially crafted network traffic. Software Description: - libndp: Library for Neighbor Discovery Protocol Details: It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could possibly use this issue to cause NetworkManager to crash, resulting in a denial of service, or the execution of arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libndp0 1.6-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libndp0 1.4-2ubuntu0.16.04.1+esm1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7248-1 CVE-2024-5564 . A security advisory for Ubuntu addresses the libndp vulnerability, which risks system crashes or unauthorized execution due to malformed network packets. libndp, Ubuntu security, NetworkManager, denial of service, security updates. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-4622 http://linux.oracle.com/errata/ELSA-2024-4622.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: libndp-1.2-10.0.1.el7_9.aarch64.rpm libndp-devel-1.2-10.0.1.el7_9.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//libndp-1.2-10.0.1.el7_9.src.rpm Related CVEs: CVE-2024-5564 Description of changes: [1.2-10.0.1] - Increasing release number as per Oracle package release policy _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-4622 http://linux.oracle.com/errata/ELSA-2024-4622.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libndp-1.2-10.0.1.el7_9.i686.rpm libndp-1.2-10.0.1.el7_9.x86_64.rpm libndp-devel-1.2-10.0.1.el7_9.i686.rpm libndp-devel-1.2-10.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//libndp-1.2-10.0.1.el7_9.src.rpm Related CVEs: CVE-2024-5564 Description of changes: [1.2-10.0.1] - Increasing release number as per Oracle package release policy _______________________________________________ El-errata mailing list
Important: libndp security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:4636", "synopsis": "Important: libndp security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libndp.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.\n\nSecurity Fix(es):\n\n* libndp: buffer overflow in route information length field (CVE-2024-5564)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2284122", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2284122", "description": ""}], "cves": [{"name": "CVE-2024-5564", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5564", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-07-26T12:33:54.254327Z", "rpms": {"Rocky Linux 9": {"nvras": ["libndp-0:1.8-6.el9_4.i686.rpm", "libndp-0:1.8-6.el9_4.aarch64.rpm", "libndp-0:1.8-6.el9_4.ppc64le.rpm", "libndp-0:1.8-6.el9_4.s390x.rpm", "libndp-0:1.8-6.el9_4.src.rpm", "libndp-0:1.8-6.el9_4.x86_64.rpm", "libndp-debuginfo-0:1.8-6.el9_4.aarch64.rpm", "libndp-debuginfo-0:1.8-6.el9_4.ppc64le.rpm", "libndp-debuginfo-0:1.8-6.el9_4.s390x.rpm", "libndp-debuginfo-0:1.8-6.el9_4.x86_64.rpm", "libndp-debugsource-0:1.8-6.el9_4.aarch64.rpm", "libndp-debugsource-0:1.8-6.el9_4.ppc64le.rpm", "libndp-debugsource-0:1.8-6.el9_4.s390x.rpm", "libndp-debugsource-0:1.8-6.el9_4.x86_64.rpm"]}}, "rebootSuggested": false,"buildReferences": []}. Important libndp security patch available for Rocky Linux addressing buffer overflow flaws. Secure your environment immediately!. libndp security update, Rocky Linux advisory, buffer overflow fix. . Severity: Important. LinuxSecurity.com Team
Important: libndp security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:4620", "synopsis": "Important: libndp security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libndp.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.\n\nSecurity Fix(es):\n\n* libndp: buffer overflow in route information length field (CVE-2024-5564)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2284122", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2284122", "description": ""}], "cves": [{"name": "CVE-2024-5564", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5564", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-120"}], "references": [], "publishedAt": "2024-07-26T12:32:49.384788Z", "rpms": {"Rocky Linux 8": {"nvras": ["libndp-0:1.7-7.el8_10.aarch64.rpm", "libndp-0:1.7-7.el8_10.i686.rpm", "libndp-0:1.7-7.el8_10.src.rpm", "libndp-0:1.7-7.el8_10.x86_64.rpm", "libndp-debuginfo-0:1.7-7.el8_10.aarch64.rpm", "libndp-debuginfo-0:1.7-7.el8_10.i686.rpm", "libndp-debuginfo-0:1.7-7.el8_10.x86_64.rpm", "libndp-debugsource-0:1.7-7.el8_10.aarch64.rpm", "libndp-debugsource-0:1.7-7.el8_10.i686.rpm", "libndp-debugsource-0:1.7-7.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A critical libndp security patch for Rocky Linux has been released to fix a buffer overflow vulnerability. Getdetails on the update.. libndp Update, Rocky Linux Security, Ubuntu Security Advisory. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-4636 http://linux.oracle.com/errata/ELSA-2024-4636.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libndp-1.8-6.el9_4.i686.rpm libndp-1.8-6.el9_4.x86_64.rpm aarch64: libndp-1.8-6.el9_4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//libndp-1.8-6.el9_4.src.rpm Related CVEs: CVE-2024-5564 Description of changes: [1.8-6] - Validate route information option length [1.8-5] - Convert the license tag to SPDX format Related: RHELMISC-1363 _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.