StarlingX

[Debian] Medium CVE: CVE-2024-5564 libndp: a buffer overflow in NetworkManager

Bug #2069552 reported by Yue Tao on 2024-06-17

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Peng Zhang

Bug Description

CVE-2024-5564: https://nvd.nist.gov/vuln/detail/CVE-2024-5564

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Base Score: Medium

Reference:

['libndp0_1.6-1_amd64.deb===>libndp0_1.6-1+deb11u1_amd64.deb']
https://security-tracker.debian.org/tracker/DSA-5713-1

Tags:

CVE References

2024-5564

Peng Zhang (pzhang2) on 2024-07-12

Changed in starlingx:
assignee:	nobody → Peng Zhang (pzhang2)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-07-12: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/924054

Changed in starlingx:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-07-12: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/924054
Committed: https://opendev.org/starlingx/tools/commit/1e67f9496bbefebc6f9ca3d6688169c5c1c00ca6
Submitter: "Zuul (22348)"
Branch: master

commit 1e67f9496bbefebc6f9ca3d6688169c5c1c00ca6
Author: Peng Zhang <email address hidden>
Date: Wed Jul 10 09:02:17 2024 +0000

Debian: libndp0: fix CVE-2024-5564

Upgrade libndp0 to 1.6-1+deb11u1

    Refer to:
    https://nvd.nist.gov/vuln/detail/CVE-2024-5564
    https://security-tracker.debian.org/tracker/DSA-5713-1
    https://www.tenable.com/plugins/nessus/200648

    TestPlan:
    PASS: downloader; build-pkgs
    PASS: build-image

Closes-Bug: 2069552

Change-Id: I17b7be188d236a6ddf6a7c0732acbfdde22d1348
Signed-off-by: Peng Zhang <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.