-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3581-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 17, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libndp CVE ID : CVE-2016-3698 Debian Bug : 824545 Julien Bernard discovered that libndp, a library for the IPv6 Neighbor Discovery Protocol, does not properly perform input and origin checks during the reception of a NDP message. An attacker in a non-local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man-in-the-middle. For the stable distribution (jessie), this problem has been fixed in version 1.4-2+deb8u1. We recommend that you upgrade your libndp packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXOxJpAAoJEAVMuPMTQ89EJhsP/1ne4Asg4Q1daMP2lMX7TVot kOJOv/4VwQ74wiWHsRkAyvEPgtKsxB2sduxfb6IwaHFA+UHhiB4KFFhlngqt/gzE 7F1CA6mpyoGM+KYMHnRf9spHeuGwqggVvh9zyupVlwOW771uiiTbyKK197o+slO0 twIMe9LohgCZgW4eJF13+bUUAyLoaQYcv4p/W/KLaeKYqS4JrO5t7sFFLfJtJU7j OpofW5BCFkHpoJpZAagRJW9NEULEBww+6p41oNryXFxJAeAs3vm0Z2+RwgYxC6cV MDwsmViNKUFoWghRskOMH62jJSy4R1iiZHU7mmzv7+PySteaMArQ02WZfVNM5kTQ psDG4IpoMOuLFGrjxZ18CCxjy0vVXG2NO1Rn0amQoo5E79RQ6PWqVAnURgfpabuZ hYJ/ALVusS9VUdlV6mTMXufuiX7ltFCqG4fx6CVUQPzQVubCXN8ctEHOWJrEtTEm nuKAol4CW5I8b4aTQI9E0wRi9mAKPIb6AmibPtLPcfP2Pzvs7O5UL/d+ZAfja92U U9Qh9v7gbXG9nav6Hfx44K6RX6Xy4kUbwauwL81mADh8FljRKDogR/bz7nqpaFoG NX1uLkdllnmwOB8/voNCx0F4DzOtJeZa2KMFWisSYOM/9lmcQx/IcBDVveDMJa4P NJXz1D7PHJaEEP8n+MoX =2Wof -----END PGP SIGNATURE-----