Sicherheit: Ausführen beliebiger Kommandos in libndp

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1908892318895661027==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------lga07wZjhivb2e8MLeYHkVCr"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------lga07wZjhivb2e8MLeYHkVCr
Content-Type: multipart/mixed;
boundary="------------P0Jw8bN0PDFH5DdjtQ9Y1JCH";
protected-headers="v1"
From: John Breton <john.breton@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <dcbc8052-6ef0-40b4-a1b4-d0a095159df4@canonical.com>
Subject: [USN-7248-1] libndp vulnerability

--------------P0Jw8bN0PDFH5DdjtQ9Y1JCH
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7248-1
February 03, 2025

libndp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

libndp could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- libndp: Library for Neighbor Discovery Protocol

Details:

It was discovered that libndp incorrectly handled certain malformed IPv6
router advertisement packets. A local attacker could possibly use this
issue to cause NetworkManager to crash, resulting in a denial of service,
or the execution of arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
libndp0                         1.6-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
libndp0                         1.4-2ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7248-1
CVE-2024-5564

--------------P0Jw8bN0PDFH5DdjtQ9Y1JCH--

--------------lga07wZjhivb2e8MLeYHkVCr
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmeiIJ0FAwAAAAAACgkQ8pSCVQZYHygr
hw//TLglRGarSfF5xSKvzCak+ieFH5GgOM/LNme2t8A76jsiorghP4DSimm9Ampui37+9KmJfyxl
1gfJewOdmGvvudrNVNC2KQRkUILeAZEJpWMJVkmV0v7N7LvG02ci09/8qtu942SkTKPFxbOiB+xs
XWHOgNDCP0wYpZdaPtnigehTkrSKjrd1oM6M5Ew6Z6LISGiydL/rd9foR4MFX6vcKa0QyrsaLDlF
uQW1yyCReXHjSWSEjVc5b98ppegCm7iubgxF3mc6hbJ5W1hsOCqJ7gRnQehrdxx7Gz0vvl8NjFV+
0WbbYp60xPhdhUF6lJVR7cwhuTdjrlz1ZSBERwMdqmw38A5+C1Y5dyNFCXqk8fnIUhw8gPPMgcL/
ILP5yIuNkGYD/LKNygWPZ0VsxMLQUw8ewLbogq1LMWn5d5f98UiR2t8OWmyqD5tV0c+htUJAChqH
+SI886ebbmmLzD4AUPmusb+H5f/9X15FhptObhU38lI1vQR0+X0XfosaLgg7nbGrQ8U1tv0hSHN3
K4MfX3617Q4iFvbDsr8gnz62UaHEbpstbuhxPhLnXjPwPOrjloqfo0XJJ4Xoolso0SfKyS/yRPzp
ccZitMAwchW8mNOM69V6hN6hKEKy9TXS7SfGcG/wxgQW2wQ8Z2DkEoE0g/t2n5bPsitqspqneIq5
GVY=
=vXUu
-----END PGP SIGNATURE-----

--------------lga07wZjhivb2e8MLeYHkVCr--

--===============1908892318895661027==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============1908892318895661027==--