
Bug 563220 (CVE-2015-8011, CVE-2015-8012)

Summary: <net-misc/lldpd-0.9.1: lldpd crash in lldp_decode due to large management address
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: chutzpah
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also:
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-10-16 10:45:11 UTC
From ${URL} :

Upstream commit:


If compiled with effective source fortification, the vulnerability is
just a crash and not exploitable for anything else, as a result of the
compiler-emitted length check for memcpy inside the PEEK_BYTES macro.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
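
Added example, not part of the bug report and not lldpd's code: a bounds-checked parse of a Management Address TLV value, so that an oversized length octet causes the frame to be dropped instead of reaching memcpy, where a fortified build would abort the daemon. The struct, function and sample names are hypothetical; the field layout and the 31-octet address limit are taken from IEEE 802.1AB, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MGMT_ADDR_MAX 31 /* 802.1AB: address field is 1..31 octets */

struct mgmt_addr {            /* hypothetical type, not lldpd's */
    uint8_t  subtype;         /* address family (1 = IPv4) */
    uint8_t  addr[MGMT_ADDR_MAX];
    size_t   addr_len;
    uint32_t if_number;
};

/* Constructed samples: value part of a Management Address TLV. */
static const uint8_t sample_ok[] = { 0x05, 0x01, 192, 0, 2, 1,   /* len, IPv4, 192.0.2.1 */
                                     0x02, 0, 0, 0, 1, 0x00 };   /* ifIndex 1, no OID */
static const uint8_t sample_big[] = { 0xff, 0x01, 192, 0, 2, 1,  /* claims 255 octets */
                                      0x02, 0, 0, 0, 1, 0x00 };

/* Returns 0 on success, -1 when the frame must be dropped. */
int parse_mgmt_addr(const uint8_t *val, size_t len, struct mgmt_addr *out)
{
    if (len < 1) return -1;
    size_t str_len = val[0];              /* counts subtype + address */
    /* Validate the untrusted length before any copy. */
    if (str_len < 2 || str_len > MGMT_ADDR_MAX + 1) return -1;
    /* length octet + string + if subtype(1) + if number(4) + OID length(1) */
    size_t fixed = 1 + str_len + 6;
    if (len < fixed) return -1;
    const uint8_t *p = val + 1 + str_len; /* interface numbering subtype */
    if ((size_t)p[5] > len - fixed) return -1; /* OID must fit in the TLV */

    out->subtype = val[1];
    out->addr_len = str_len - 1;
    memcpy(out->addr, val + 2, out->addr_len); /* <= sizeof(out->addr) here */
    out->if_number = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
                     ((uint32_t)p[3] << 8) | (uint32_t)p[4];
    return 0;
}

int main(void)
{
    struct mgmt_addr m;
    printf("ok=%d big=%d\n", parse_mgmt_addr(sample_ok, sizeof sample_ok, &m),
           parse_mgmt_addr(sample_big, sizeof sample_big, &m));
    return 0;
}
```
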
Comment 1 Agostino Sarubbo gentoo-dev 2015-10-27 08:33:38 UTC
There is also another fix, an improper assert leading to a daemon
Comment 2 Patrick McLean gentoo-dev 2016-03-03 00:53:58 UTC
net-misc/lldpd-0.9.1 is now in the tree, sorry about the delay on this
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-10 21:07:26 UTC
GLSA Vote: No