Debian Security Advisory
DLA-3389-1 lldpd -- LTS security update
- Date Reported:
- 10 Apr 2023
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-27827, CVE-2021-43612.
- More information:
It was discovered that there were two potential denial of service (DoS) attacks in lldpd, a implementation of the IEEE 802.1ab (LLDP) protocol used to administer and monitor networking devices.
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
crash in SONMP decoder
For Debian 10
Buster, these problems have been fixed in version 1.0.3-1+deb10u1.
We recommend that you upgrade your lldpd packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS