Debian 9956 Published by

A lldpd security update has been released for Debian GNU/Linux 10 LTS to address two potential denial of service (DoS) issues.

DLA 3389-1: lldpd security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3389-1 Chris Lamb
April 10, 2023
- -------------------------------------------------------------------------

Package : lldpd
Version : 1.0.3-1+deb10u1
CVE IDs : CVE-2020-27827 CVE-2021-43612
Debian Bug : 980132

* The following was previously incorrectly announced to this list *
* as DLA-3388-1. The correct DLA identifier for this advisory is *
* DLA-3389-1. *

It was discovered that there were two potential denial of service
(DoS) attacks in lldpd, a implementation of the IEEE 802.1ab (LLDP)
protocol used to administer and monitor networking devices.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your lldpd packages.

For the detailed security status of lldpd please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: