--- /dev/null
+---
+title: Security
+---
+
+`lldpd` contains several security features to mitigate vulnerabilities
+(privilege separation, chrooted process, …). If you wish to report a
+security issue, either open an [issue on GitHub][] or [mail me][]
+directly.
+
+# Past vulnerabilities
+
+ * [CVE-2015-8011][]: buffer overflow when handling management address
+ TLV for LLDP. When a remote device was advertising a too large
+ management address while still respecting TLV boundaries, lldpd
+ would crash due to a buffer overflow. This vulnerability affects
+ the parser which is run in an unprivileged and chrooted
+ process. It does not allow arbitrary code execution
+ unless hardening has been specifically disabled. This bug has been
+ introduced in version 0.6.0. It has been fixed in commit
+ [dd4f16e7][] and in version 0.7.19.
+
+ * [CVE-2015-8012][]: crash on malformed management address. When a
+ remote device was advertising a malformed management address, lldpd
+ would crash with an assertion error. This vulnerability affects the
+ parser which is run in an unprivileged and chrooted process. It
+ does not allow arbitrary code execution. This bug has been
+ introduced in version 0.6.0. It has been fixed in commit
+ [793526f8][] and in version 0.7.19.
+
+[issue on GitHub]: https://github.com/vincentbernat/lldpd/issues/new
+[mail me]: mailto:vincent@bernat.im
+[CVE-2015-8011]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011
+[CVE-2015-8012]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8012
+[dd4f16e7]: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
+[793526f8]: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
+
+{# Local Variables: #}
+{# mode: markdown #}
+{# indent-tabs-mode: nil #}
+{# End: #}
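Review bot: In the reporting paragraph at the top of the new page, "either open an [issue on GitHub][] or [mail me][] directly" gives a public tracker equal weight with private mail, so a reporter following the first option discloses the details before a fix exists. Suggest listing the mail contact first for anything exploitable and saying that GitHub issues are public. In the CVE-2015-8011 entry, "unless hardening has been specifically disabled" does not say which hardening is meant; naming the build option would let packagers check whether their build is affected. Both entries could also state that the visible effect is a crash of the daemon triggered by a remote device, since that is what an operator will look for. Minor: "has been introduced" reads better as "was introduced" for a past event, and the two cve.mitre.org links use http:// while the other links use https://.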