Ubuntu
lldpd package

lldpd needs update to fix CVE-2020-27827

Bug #1937121 reported by Thomas on 2021-07-21

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	lldpd (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

lldpd needs to be updated to min 1.0.9 or the patch(es) need to be backported to fix CVE-2020-27827

pls read https://github.com/lldpd/lldpd/releases

See original description

Tags:

CVE References

2020-27827

Revision history for this message

Thomas (t.c) wrote on 2021-07-21:

https://github.com/lldpd/lldpd/commit/7d60bf30effc4c88f17f3d58ecaa72479f16d4be

Thomas (t.c) on 2021-07-21

tags:	added: focal
tags:	added: bionic hirsute
description:	updated
description:	updated

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2021-07-21:

Hello Thomas, we addressed CVE-2020-27827 in https://ubuntu.com/security/notices/USN-4691-1

Thanks

information type:	Private Security → Public Security
Changed in lldpd (Ubuntu):
status:	New → Fix Released

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2021-07-22:

Ah, I see, a co-worker has pointed out that that USN covered only the openvswitch (where the CVE was reported) and not lldpd, where the code originated from. Thanks.

Revision history for this message

Thomas (t.c) wrote on 2021-07-25:

Is a fix now really released?
On all supported Ubuntu releases?

Alex Murray (alexmurray) on 2021-07-26

Changed in lldpd (Ubuntu):
status:	Fix Released → Confirmed

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulldpd package

lldpd needs update to fix CVE-2020-27827

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
lldpd package