ELA-958-1 lldpd security update

read overflow

Version0.9.6-1+deb9u2 (stretch)
Related CVEs CVE-2023-41910

Matteo Memelli discovered a flaw in lldpd, an implementation of the IEEE 802.1ab protocol. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory.

For Debian 9 stretch, these problems have been fixed in version 0.9.6-1+deb9u2.

We recommend that you upgrade your lldpd packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.