Package: radvd Version: 1.6-1 Severity: grave Tags: security Justification: user security hole
Hey, Solar Designer reported on http://seclists.org/oss-sec/2011/q4/30 that multiple issues were found in radvd 1.8.1. Not all of them apply to 1.6-1 in squeeze or 1.8-1 in sid though. As far as I can tell: * CVE-2011-3601 (privilege escalation) is present in 1.8-1 but not in 1.6-1 (no support for ND_OPT_DNSSL_INFORMATION in 1.6) Patch: https://github.com/reubenhwk/radvd/commit/9dfaaaf740ce784541e76e68de4ae04dce2c0921 * CVE-2011-3602 (arbitrary file overwrite) is present in both versions Patch: https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc * CVE-2011-3603 (failure to check privsep() errors) is present in both versions Patches: https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60 https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275 https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d * CVE-2011-3604 (buffer overreads) is present in both versions Patch: https://github.com/reubenhwk/radvd/commit/7de1b9abf87b747ee2611c0d2a94dfeee79878b4 * CVE-2011-3605 (denial of service in unicast mode) is present in both versions Patch: https://github.com/reubenhwk/radvd/commit/2591d0189257caeaae2057dfed0a260310497a61 I'm reporting only one bug for all the issues, which can be fixed by uploading 1.8.2-1 to unstable. For squeeze, backporting the patches should be fairly straightforward. Please add CVE numbers in the changelog. Regards, -- Yves-Alexis -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
