Advisories ยป MGASA-2016-0185

Updated libndp packages fix CVE-2016-3698

Publication date: 18 May 2016
Modification date: 18 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3698

Description

Updated libndp package fixes security vulnerability:

Libndp is a library (used by NetworkManager) that provides a wrapper for the
IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for
sending and receiving NDP messages.

Security Fix(es):

It was found that libndp did not properly validate and check the origin of
Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network
could use this flaw to advertise a node as a router, allowing them to perform
man-in-the-middle attacks on a connecting client, or disrupt the network
connectivity of that client. (CVE-2016-3698)
                

References

SRPMS

5/core