Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:9158

Опубликовано: 17 мар. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: lldpd security update

LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.

Security Fix(es):

  • lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

  • lldpd: out-of-bounds read when decoding SONMP packets (CVE-2021-43612)

  • lldpd: CDP PDU Packet cdp.c out-of-bounds read (CVE-2023-41910)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
lldpdi6864.el9lldpd-1.0.18-4.el9.i686.rpm
lldpdx86_644.el9lldpd-1.0.18-4.el9.x86_64.rpm
lldpd-develi6864.el9lldpd-devel-1.0.18-4.el9.i686.rpm
lldpd-develx86_644.el9lldpd-devel-1.0.18-4.el9.x86_64.rpm

Показывать по

Связанные CVE

CVE-2020-27827
CVE-2021-43612
CVE-2023-41910

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2024-9158

oracle-oval
12 месяцев назад

ELSA-2024-9158: lldpd security update (MODERATE)

ubuntu логотип

CVE-2020-27827

CVSS3: 7.5
ubuntu
больше 4 лет назад

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2020-27827

CVSS3: 7.5
redhat
почти 5 лет назад

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2020-27827

CVSS3: 7.5
nvd
больше 4 лет назад

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2020-27827

CVSS3: 7.5
msrc
больше 4 лет назад

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs potentially causing a denial of service. The highest threat from this vulnerability is to system availability.