Bug#644614: marked as done (multiple security issues in radvd 1.6)

Fri, 28 Oct 2011 13:09:22 -0700 

Your message dated Fri, 28 Oct 2011 20:05:42 +0000
with message-id <e1rjsgq-00023f...@franck.debian.org>
and subject line Bug#644614: fixed in radvd 1:1.6-1.1
has caused the Debian Bug report #644614,
regarding multiple security issues in radvd 1.6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
644614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: radvd
Version: 1.6-1
Severity: grave
Tags: security
Justification: user security hole

Hey,

Solar Designer reported on http://seclists.org/oss-sec/2011/q4/30 that
multiple issues were found in radvd 1.8.1. Not all of them apply to
1.6-1 in squeeze or 1.8-1 in sid though.

As far as I can tell:

* CVE-2011-3601 (privilege escalation) is present in 1.8-1 but not in
  1.6-1 (no support for ND_OPT_DNSSL_INFORMATION in 1.6)
  Patch: 
https://github.com/reubenhwk/radvd/commit/9dfaaaf740ce784541e76e68de4ae04dce2c0921
* CVE-2011-3602 (arbitrary file overwrite) is present in both versions
  Patch: 
https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
* CVE-2011-3603 (failure to check privsep() errors) is present in both versions
  Patches: 
https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60
           
https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275
           
https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d
* CVE-2011-3604 (buffer overreads) is present in both versions
  Patch: 
https://github.com/reubenhwk/radvd/commit/7de1b9abf87b747ee2611c0d2a94dfeee79878b4
* CVE-2011-3605 (denial of service in unicast mode) is present in both versions
  Patch:
  
https://github.com/reubenhwk/radvd/commit/2591d0189257caeaae2057dfed0a260310497a61

I'm reporting only one bug for all the issues, which can be fixed by
uploading 1.8.2-1 to unstable. For squeeze, backporting the patches
should be fairly straightforward.

Please add CVE numbers in the changelog.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: radvd
Source-Version: 1:1.6-1.1

We believe that the bug you reported is fixed in the latest version of
radvd, which is due to be installed in the Debian FTP archive:

radvd_1.6-1.1.diff.gz
  to main/r/radvd/radvd_1.6-1.1.diff.gz
radvd_1.6-1.1.dsc
  to main/r/radvd/radvd_1.6-1.1.dsc
radvd_1.6-1.1_amd64.deb
  to main/r/radvd/radvd_1.6-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated radvd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Oct 2011 15:52:53 +0200
Source: radvd
Binary: radvd
Architecture: source amd64
Version: 1:1.6-1.1
Distribution: stable-security
Urgency: high
Maintainer: Ghe Rivero <g...@debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description: 
 radvd      - Router Advertisement Daemon
Closes: 644614
Changes: 
 radvd (1:1.6-1.1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * debian/patches: backport patches from upstream to fix various security
     issues:                                                     closes: #644614
     - 0001-set_interface_var-doesn-t-check-interface-name-and-b fix arbitrary
       file overwrite (CVE-2011-3602)
     - 0002-main-must-fail-on-privsep_init-errors-it-must-not-ru,
       0003-privsep_read_loop-should-return-on-unprivileged-daem and
       0004-Really-exit-on-privsep-init-failure fix failure to check return
       code of privilege dropping function (CVE-2011-3603)
     - 0005-process_ra-has-numerous-missed-len-checks.-It-leads- fix multiple
       buffer overreads (CVE-2011-3604)
     - 0006-removing-mdelay-in-unicast-only-case fix a denial of service
       (CVE-2011-3605)
     - 0007-checking-iface-name-more-carefully on top of
       0001-set_interface_var-doesn-t-check-interface-name-and-b
       (CVE-2011-3602)
Checksums-Sha1: 
 40d4aebcf9f4d52d932413041423fdce7a55bd29 1593 radvd_1.6-1.1.dsc
 3f6f1afeab6bfc35a464e6ef6f76ae00cc285d32 150545 radvd_1.6.orig.tar.gz
 bd9488a9820935fbe168a3014eecac283a985155 10505 radvd_1.6-1.1.diff.gz
 19726767b1d772fb85880b13244bfcea4def3934 74260 radvd_1.6-1.1_amd64.deb
Checksums-Sha256: 
 15b4ebee07c235efb5d7216893d5d7e78687d928b9509ca802ca21fc882e4734 1593 
radvd_1.6-1.1.dsc
 59c20e31a0085ded29a7a6ea9479170d72fdfb4902c878ee8144127dd77a2102 150545 
radvd_1.6.orig.tar.gz
 997d14e7670f0404f48d33dcb06f363f02386f5a296d319037810920b08577f2 10505 
radvd_1.6-1.1.diff.gz
 e66b43bdb3bcaa2e79d5a8ed17791a64b02515e52a702b7d045f7dd2d92e4c82 74260 
radvd_1.6-1.1_amd64.deb
Files: 
 7c42868cf3e8a64270d8168ea5932c49 1593 net optional radvd_1.6-1.1.dsc
 987e0660d68b4501b24dc5a068cea83c 150545 net optional radvd_1.6.orig.tar.gz
 2cb1efbceba06dde0e79325aa341e5e7 10505 net optional radvd_1.6-1.1.diff.gz
 bb2905a5fd4fe6165124812a3342566b 74260 net optional radvd_1.6-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJOnctbAAoJEDBVD3hx7wuo5WgQAN2Uvwy+BqXFf1pUI0FqpV/I
OEcEsS/kqG1F01fXguS3PXLcM4bonveHqStmu2yDOq/Xtjxq/KT+8Aq6Oot+TR+r
uvTrZUDFb+CdCNxYxvU/mHO+E7jpSYqiZ1RbLSgtsjRNFeCo+7oo78xVXs5Xspty
qz4cRqnoUYSgRIBCSUlKbsIIQ4Zx4et1uD0a3YBlyELx//cc+KuB5IrfHHMh/qkb
vWuoKamZeDtNsTOsiR/7om5bcIbmhJIad+ZO8R9cALEuJS/UrGZvSV7sX2H4P/rz
zxvaMEMCU6Ail5uHZ3ttdmJbkhGR3QQqQzHCVsd41HZ9VgHiKKzV0gZlY2K3aDaZ
pSQXQPTHEe1EnKtXz2BaZlTM4MTAK9XvgxjRdKubrz7kNuvXkn4+u8wtw69tgpyo
NssUNnGrykbLkMQBs335kvfwaX2qKBkGQqZmFLERQXaEShMb8/Trn7RY0wEykn1A
g7pu59iiJ2O7ea/78w64oQB+0Vj9PxJMHGlh5x7aj/t4UN+nUbq/nSDg7Ads6/Gx
ExKz58+4YKl5ziMVPzsbqi9jWkvJU+liRHYnoIhDon3eH5iNFqLvJds4QB6r15ez
d8xUTx+0Yt5xfvy+xoCKovNzfE4pccPZzRMTBvWn0pUqrTPm/MGtYDz59lOCGkjR
10Q24AHlT9x2/iVWZcme
=Lfq7
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to