| Revision Date: | 2016-05-17 | Version: | 641 |
| Title: | RHSA-2016:1086: libndp security update (Moderate) |
| Description: | Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.
Security Fix(es):
It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)
Red Hat would like to thank Julien Bernard (Viagénie) for reporting this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2016-3698
RHSA-2016:1086
RHSA-2016:1086-00
RHSA-2016:1086-01
|
| Platform(s): | Red Hat Enterprise Linux 7
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 7 is installed
AND
libndp is earlier than 0:1.2-6.el7_2
AND libndp is signed with Red Hat redhatrelease2 key
libndp-devel is earlier than 0:1.2-6.el7_2
AND libndp-devel is signed with Red Hat redhatrelease2 key
|