Your message dated Sun, 16 Oct 2011 21:48:05 +0000
with message-id <e1rfyyv-00046o...@franck.debian.org>
and subject line Bug#644614: fixed in radvd 1:1.8-1.1
has caused the Debian Bug report #644614,
regarding multiple security issues in radvd 1.6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
644614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: radvd
Version: 1.6-1
Severity: grave
Tags: security
Justification: user security hole
Hey,
Solar Designer reported on http://seclists.org/oss-sec/2011/q4/30 that
multiple issues were found in radvd 1.8.1. Not all of them apply to
1.6-1 in squeeze or 1.8-1 in sid though.
As far as I can tell:
* CVE-2011-3601 (privilege escalation) is present in 1.8-1 but not in
1.6-1 (no support for ND_OPT_DNSSL_INFORMATION in 1.6)
Patch:
https://github.com/reubenhwk/radvd/commit/9dfaaaf740ce784541e76e68de4ae04dce2c0921
* CVE-2011-3602 (arbitrary file overwrite) is present in both versions
Patch:
https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
* CVE-2011-3603 (failure to check privsep() errors) is present in both versions
Patches:
https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60
https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275
https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d
* CVE-2011-3604 (buffer overreads) is present in both versions
Patch:
https://github.com/reubenhwk/radvd/commit/7de1b9abf87b747ee2611c0d2a94dfeee79878b4
* CVE-2011-3605 (denial of service in unicast mode) is present in both versions
Patch:
https://github.com/reubenhwk/radvd/commit/2591d0189257caeaae2057dfed0a260310497a61
I'm reporting only one bug for all the issues, which can be fixed by
uploading 1.8.2-1 to unstable. For squeeze, backporting the patches
should be fairly straightforward.
Please add CVE numbers in the changelog.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: radvd
Source-Version: 1:1.8-1.1
We believe that the bug you reported is fixed in the latest version of
radvd, which is due to be installed in the Debian FTP archive:
radvd_1.8-1.1.diff.gz
to main/r/radvd/radvd_1.8-1.1.diff.gz
radvd_1.8-1.1.dsc
to main/r/radvd/radvd_1.8-1.1.dsc
radvd_1.8-1.1_amd64.deb
to main/r/radvd/radvd_1.8-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated radvd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Oct 2011 23:28:02 +0200
Source: radvd
Binary: radvd
Architecture: source amd64
Version: 1:1.8-1.1
Distribution: unstable
Urgency: high
Maintainer: Ghe Rivero <g...@debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description:
radvd - Router Advertisement Daemon
Closes: 644614
Changes:
radvd (1:1.8-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* debian/patches: backport patches from upstream to fix various security
issues: closes: #644614
- 0001-set_interface_var-doesn-t-check-interface-name-and-b fix arbitrary
file overwrite (CVE-2011-3602)
- 0002-main-must-fail-on-privsep_init-errors-it-must-not-ru,
0003-privsep_read_loop-should-return-on-unprivileged-daem and
0004-Really-exit-on-privsep-init-failure fix failure to check return
code of privilege dropping function (CVE-2011-3603)
- 0005-process_ra-has-numerous-missed-len-checks.-It-leads- fix multiple
buffer overreads (CVE-2011-3604)
- 0006-removing-mdelay-in-unicast-only-case fix a denial of service
(CVE-2011-3605)
- 0007-checking-iface-name-more-carefully on top of
0001-set_interface_var-doesn-t-check-interface-name-and-b
(CVE-2011-3602)
Checksums-Sha1:
334f1bf7ab79f2fd6fac642bb8c085894b066db0 1632 radvd_1.8-1.1.dsc
abdd106a8f01ed0b1e8b7f915e348e5eb19cd5f3 10738 radvd_1.8-1.1.diff.gz
b7d3b7d144be29ae15e694f5db1c594ca94c1e15 76666 radvd_1.8-1.1_amd64.deb
Checksums-Sha256:
afe53c7dcee0f44549d58bf929e5d86ab1c33267051b679344442fa8f64cd9da 1632
radvd_1.8-1.1.dsc
1434c12c5187cd950a61a24353cd35a86e4120741ca012145834a6af8777891d 10738
radvd_1.8-1.1.diff.gz
a99866475ac0d4e6bb875cd06c5c5aa032d9d25c35858ed2b7d96ad8b311b120 76666
radvd_1.8-1.1_amd64.deb
Files:
465ccdfab9e50220c20ad9d90a28c8a0 1632 net optional radvd_1.8-1.1.dsc
40d29fd64fd871ed6f382a76ea670bd2 10738 net optional radvd_1.8-1.1.diff.gz
af80dd45f31c85faf615b1d4a417d04c 76666 net optional radvd_1.8-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJOmKnRAAoJEDBVD3hx7wuoUvAQAJTuQa0ERwJPe7l4E73xA11S
5+cVcyOl41lXilwNYTuh8iAeZjxG0fT/Oq4Lh3wmwVGOjDYNGo4cE6LJUxGpQSj5
pUWCoHZQALc0Uh9jrlO8HqVD05270kRopU8bf6Nzcc59cywlLYtU9+6zols0M9j+
Sy4DsWSj4M7TAftrQf31xOAPUDtih13dx088I65RJ4NXTxEjj7bWTT77mcHKSHDJ
NZm/EHr1PIbM4gyyznxM3tDdqlTjtetElDP24XPnoA2i13XexQqpiN644gaDOr5y
bhX92xHSZmK54OwEJNk7isyHB6iDFRwTEg1Q1sm3vM13zB6vXUCWGEaBvCdQXLFV
B8OCulS//cL+bXxYzq8FkXoI2asrllT833dsH+eT1JsmOoF2iudZzTVPyxFBgKHx
TkSBssdR3wzTDoOVBtow6WiYxmdZfU1n0yLxpYC6mVAscE+JMSxE1Cv3fixc1wg1
DUtZkhT+kZ+4SNcpxSsHGLvuCzYFhyYJQrmvtx3PJkTo+2Mc3i1CEXmOMNTDP7UB
g+J0ZnXdAmEc7GIFVUyF8KNTnWdhHuNQVBuU+r6zKYrOlaEcV7RE+CJnuebHKKuA
9dACl8oJr5JvTFEMB4LNmJ/kcdA1/ggH3zb4RxOLJth2lyeCJYtuxoOe83e30foX
7mayde2gSBXiVdzzzXbd
=Wghb
-----END PGP SIGNATURE-----
--- End Message ---
