Red Hat Security Advisory 2019-3673-01

Red Hat Security Advisory 2019-3673-01: Posted Nov 6, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3673-01 - The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol Agent with Enhanced Ethernet support. An improper sanitization issue was addressed.; tags | advisory, protocol; systems | linux, redhat; advisories | CVE-2018-10932; SHA-256 | e7e595745f0998806ec07b2bc2b8ba088d60bccfb92da62bc5ad78814a43f171; Download | Favorite | View

Red Hat Security Advisory 2019-3673-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: lldpad security and bug fix update
Advisory ID:       RHSA-2019:3673-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3673
Issue date:        2019-11-05
CVE Names:         CVE-2018-10932 
=====================================================================

1. Summary:

An update for lldpad is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The lldpad packages provide the Linux user space daemon and configuration
tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced
Ethernet support.

Security Fix(es):

* lldptool: improper sanitization of shell-escape codes (CVE-2018-10932)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1614896 - CVE-2018-10932 lldptool: improper sanitization of shell-escape codes
1727326 - lldpad memory usage increases over time

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
lldpad-1.0.1-13.git036e314.el8.src.rpm

aarch64:
lldpad-1.0.1-13.git036e314.el8.aarch64.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.aarch64.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.aarch64.rpm

ppc64le:
lldpad-1.0.1-13.git036e314.el8.ppc64le.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.ppc64le.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.ppc64le.rpm

s390x:
lldpad-1.0.1-13.git036e314.el8.s390x.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.s390x.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.s390x.rpm

x86_64:
lldpad-1.0.1-13.git036e314.el8.i686.rpm
lldpad-1.0.1-13.git036e314.el8.x86_64.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.i686.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.x86_64.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.i686.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-10932
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXcHqL9zjgjWX9erEAQg8uxAAp1sXX7k616voF4T1ESaLw/2xgwVpXcFA
rssf0zsmwNH4Ckt/ehyTMTyeE2b0pEZajfQDLfP5u6Baz6YHJr3/gnDG8/ffHJZ5
alvJGBoWPTtgVvcmC/T8++eUyMQ9KmpG1SX6sUiIvTbxNVGAe8eYEWmEv3cOVNo9
fClotoOCiOc+T18xqHfBiUybFuqYYnApzb/UH5R0LEY5hND76PKaijrnNhw+vLe8
KOnfFu3h79IAfAFbSfj62LTKLNnScHtzNB5N0dlmt/UzyTX0yRZLD4ISqq4j6a7H
svOTOb7w2PefY+pIN/nwooR2rcD9w98N7KmH2q+8euzE2x9BeuoEgBLe7hH40dSo
P8siGfzIGhnw1xNdF/8VgUlow0HFRfNXycxVYtTJCwcPczrUFJr0NeaQ9ATwdToI
N14/JjJ/dpLGoTboUAub2Nhgx3Y4PJEKqnNHfA0hC/0YJ6VHHtbXAmKFiHmZGiNz
LwAUMQYQ4BcOU0eIy1y55rDy4drAmf1QI+QXq7A0Ax8e8uCxAVcjkoeYbS1ecl1V
fbC9wtM5Ev/OMWt1nEJfsScDeqIUZKpOYk2nYPVB2EoDzyzlPKJKiv8T1Eu9brY3
WcffJxHFd2JhPvrxEj9YfCZK4Zk7UEN0swQMEURknKgbSEyaU79mnU6Qlk8DNSJ4
KxLsAQumMR8=
=tsSa
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2019-3673-01

Red Hat Security Advisory 2019-3673-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2019-3673-01

Share This

Red Hat Security Advisory 2019-3673-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems