[SECURITY] [DLA 3389-1] lldpd security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3389-1] lldpd security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 12 Apr 2023 16:17:27 +0100
Message-id: <[🔎] 9aafad8f-31bb-4336-83ce-6b2031d53f17@app.fastmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3389-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 10, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : lldpd
Version        : 1.0.3-1+deb10u1
CVE IDs        : CVE-2020-27827 CVE-2021-43612
Debian Bug     : 980132

* The following was previously incorrectly announced to this list *
* as DLA-3388-1. The correct DLA identifier for this advisory is  *
* DLA-3389-1.                                                     *

It was discovered that there were two potential denial of service
(DoS) attacks in lldpd, a implementation of the IEEE 802.1ab (LLDP)
protocol used to administer and monitor networking devices.

For Debian 10 buster, these problems have been fixed in version
1.0.3-1+deb10u1.

We recommend that you upgrade your lldpd packages.

For the detailed security status of lldpd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lldpd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmQ2y2AACgkQHpU+J9Qx
HlgmbQ/+KzyyF+tILxMpwdf0wQ7HUfFEDnMGMGcydoMy+bZrBR4ZwHTPqv74ZkXc
gsbBYpGXQ3zcUZrpiB+F/cgTBBOUnkNN7qDxD7DzdhEBa6haQjdw/Qv7Do44TS8l
H1XY/7jIlPro7PtI+pVrLRrL1lKzb57PDRM1cplYBMxuxFxQR7Rwiahw2OXCYONX
FQe4qDzrBMwb40CJZ/vWqa9t4w6AGmxNdm1eI+7LZdVTQDaAbMBQSPdlwxEhwMi0
MAYPKQTla9xqsxXMgBhjDJtLzd1wcCNTWdbOC4A28AZDS4o1yN2jZ84MlRSbSM1P
fCj1kcggJBr0bcHjets0gnZ4pqtdsz6SES5aSUAz8jf2I7TGmIO4cCZoZzg7SX74
SKyeXMM4EbSERvki/O7tRARpR05+dMOo73nspstgF/zGBlTuWfImfm6B7kksadqn
4zz6qAQXcl7CcKfsb8n5sB8zeJ3akyddr/lo+KAnBj6LS+KPY/eg7eLLJDJeU/K7
cuE7xkq0AfqYpvFnNZFvuyOWVwz7edJCFKEwa5wzZO3GM+uR4r3CrOov0sDv6UCc
wzhWDxpm8Dhy7T2COcmCUnZKvt5nN24pf2DQK/RSq1lzZCBSgjzDOx42qxHHWfhN
eSGXZ8Swz5xW6lKNTBqiL1tzYccR2G8G4lJQkGyIS+FxytXPEAI=
=xVka
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3390-1] zabbix security update
Next by Date: [SECURITY] [DLA 3391-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 3390-1] zabbix security update
Next by thread: [SECURITY] [DLA 3391-1] firefox-esr security update
Index(es):
- Date
- Thread