USN-7248-1: libndp vulnerability
3 February 2025
libndp could be made to crash or run programs if it received specially crafted network traffic.
Releases
Packages
- libndp - Library for Neighbor Discovery Protocol
Details
It was discovered that libndp incorrectly handled certain malformed IPv6
router advertisement packets. A local attacker could possibly use this
issue to cause NetworkManager to crash, resulting in a denial of service,
or the execution of arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libndp0
-
1.6-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libndp0
-
1.4-2ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.