Moderate CentOS libndp Security Update

Metadata

medium
6.8
libndp-1.2-6.el7_2.i686.rpm, libndp-1.2-6.el7_2.src.rpm, libndp-1.2-6.el7_2.x86_64.rpm, libndp-devel-1.2-6.el7_2.i686.rpm, libndp-devel-1.2-6.el7_2.x86_64.rpm
CVE-2016-3698
rhn.redhat.com, lists.centos.org
2016-05-17
2017-07-27 19:11
CVE-2016-3698 libndp
CVE-2016-3698
2017-04-14 09:03
2017-04-01 19:09
2017-01-05 20:14

Description


An update for libndp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

* It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)

Red Hat would like to thank Julien Bernard (Viagénie) for reporting this issue.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
7 libndp libndp-1.2-6.el7_2.i686.rpm
libndp libndp-1.2-6.el7_2.src.rpm
libndp libndp-1.2-6.el7_2.x86_64.rpm
libndp-devel libndp-devel-1.2-6.el7_2.i686.rpm
libndp-devel libndp-devel-1.2-6.el7_2.x86_64.rpm