ALSA-2024:9158
- Source
- https://errata.almalinux.org/9/ALSA-2024-9158.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9158.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2024:9158
- Related
- Published
- 2024-11-12T00:00:00Z
- Modified
- 2024-11-18T11:48:33Z
- Summary
- Moderate: lldpd security update
- Details
-
LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.
Security Fix(es):
- lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)
- lldpd: out-of-bounds read when decoding SONMP packets (CVE-2021-43612)
- lldpd: CDP PDU Packet cdp.c out-of-bounds read (CVE-2023-41910)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2024:9158
- https://access.redhat.com/security/cve/CVE-2020-27827
- https://access.redhat.com/security/cve/CVE-2021-43612
- https://access.redhat.com/security/cve/CVE-2023-41910
- https://bugzilla.redhat.com/1921438
- https://bugzilla.redhat.com/2040388
- https://bugzilla.redhat.com/2237411
- https://errata.almalinux.org/9/ALSA-2024-9158.html
Affected packages
AlmaLinux:9 / lldpd
Package
- Name
- lldpd