Moderate CentOS libndp Security Update


libndp-1.2-6.el7_2.i686.rpm, libndp-1.2-6.el7_2.src.rpm, libndp-1.2-6.el7_2.x86_64.rpm, libndp-devel-1.2-6.el7_2.i686.rpm, libndp-devel-1.2-6.el7_2.x86_64.rpm,
2018-01-18 11:12
2017-07-27 19:11
2017-04-14 09:03
2017-04-01 19:09
2017-01-05 20:14


An update for libndp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

* It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)

Red Hat would like to thank Julien Bernard (Viagénie) for reporting this issue.
Please see

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
7 libndp libndp-1.2-6.el7_2.i686.rpm
libndp libndp-1.2-6.el7_2.src.rpm
libndp libndp-1.2-6.el7_2.x86_64.rpm
libndp-devel libndp-devel-1.2-6.el7_2.i686.rpm
libndp-devel libndp-devel-1.2-6.el7_2.x86_64.rpm