1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5505-1] lldpd security update

    From Salvatore Bonaccorso@21:1/5 to All on Mon Sep 25 22:30:02 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5505-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : lldpd
    CVE ID : CVE-2023-41910

    Matteo Memelli reported an out-of-bounds read flaw when parsing CDP
    addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP)
    protocol. A remote attacker can take advantage of this flaw to cause a
    denial of service via a specially crafted CDP PDU packet.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 1.0.11-1+deb11u2.

    For the stable distribution (bookworm), this problem has been fixed in
    version 1.0.16-1+deb12u1.

    We recommend that you upgrade your lldpd packages.

    For the detailed security status of lldpd please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/lldpd

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKSBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUR7DtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sdnw/3WH0qPypSyEnjG7l5EcQp6jvNLgiS5jElWJK6nlp1hDjDSWXMtCqaUn63 fnZND9xDGRIymeJP+xF7Id52nxLsnz3Xwc+eJzxjfGsXQG7Cserxdw3IlGkxfOg/ WFGObUQt5BsioT5CvZU4irwUzCU2dPbOFnRKgw2KJHQnHvENfDpF/Q5iXMKrnpjm 2RnTZ4QQDBxBy18AESKbOhwQf42RVKq32MZXrmxjJNB9oiLKn+rcMdSHwHIa065k 6iQnUBZM/kyKXdvy4nHhyAUcP1fRlEs2OMlKm1ZHAdLMZZUkpH+lfrWQxvldTnfA R87XMC56O28KsXOKOlNoAMKrQhBW40MwyXaTHrp5DmBaA8ttscSqUjlaCc/dkVvt ll9xAHZpuXwwrqN3eXKG18WnNu0JDdEoHjnF2a/J+KHC3ZM3YCz2e6zLF9sreqRJ VF+aIbTwC40IKrfru9Dk7UZyUzHDsTTC1y6M8QjUEe5ruLNdFr4pxKyAf3sfswU4 9rmqpFP20jBKbCXWzoHyp1cI+Dapfh9rWPYl+FZ177TRIQY2+3wJ1qCYST70cSxN VTQn7P45EHekJ31JCgGohGc9oWRlzr0K1j1cT7nx+kxkqzI9exCj2AKczft7ukNP j3sKllJqdn2j1dPmhYyIggCQiKq/Tj3shTPkdV8PgPzfzigh0w==
    =Hds+
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)