MGASA-2016-0185

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0185.html

Import Source

https://advisories.mageia.org/MGASA-2016-0185.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0185

Related

CVE-2016-3698

Published

2016-05-18T20:14:22Z

Modified

2016-05-18T20:08:01Z

Summary

Updated libndp packages fix CVE-2016-3698

Details

Updated libndp package fixes security vulnerability:

Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libndp

Package

Name: libndp
Purl: pkg:rpm/mageia/libndp?arch=source&distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4-3.1.mga5

Ecosystem specific

{
    "section": "core"
}