RedHat has issued an advisory today (May 17): https://rhn.redhat.com/errata/RHSA-2016-1086.html See also: http://openwall.com/lists/oss-security/2016/05/17/9
Blocks: (none) => 18125Whiteboard: (none) => MGA5TOO
Cauldron updated to 1.6 Packages in 5/core/updates_testing: ======================== lib64ndp0-1.4-3.1.mga5.x86_64 libndp-devel-1.4-3.1.mga5.i586 libndp0-1.4-3.1.mga5.i586 lib64ndp-devel-1.4-3.1.mga5.x86_64 From libndp-1.4-3.1.mga5.src Advisory: ======================== Updated libndp package fixes security vulnerability: Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fix(es): * It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698) References: - https://rhn.redhat.com/errata/RHSA-2016-1086.html - http://openwall.com/lists/oss-security/2016/05/17/9 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698 - https://bugs.mageia.org/show_bug.cgi?id=18477
CC: (none) => makowski.mageia
Assignee: bugsquad => qa-bugs
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)
MGA5-32 on Acer D620 Xfce No installation issues. Not sure what is exactly meant by NetworkManager, anyway the network tools in MCC did not show any access to libndp. Tried at CLI: strace -o libndp.txt ndptool -i wlp5s0 monitor this gave no feedback on the CLI, but the trace shows usage of libndp (attached)
CC: (none) => herman.viaene
Created attachment 7803 [details] strace for libndp
Whiteboard: (none) => MGA5-32-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0185.html
Status: NEW => RESOLVEDResolution: (none) => FIXED