Bug#644614: marked as done (multiple security issues in radvd 1.6)

Fri, 28 Oct 2011 13:09:30 -0700 

Your message dated Fri, 28 Oct 2011 20:05:35 +0000
with message-id <e1rjsgj-0001zm...@franck.debian.org>
and subject line Bug#644614: fixed in radvd 1:1.1-3.1
has caused the Debian Bug report #644614,
regarding multiple security issues in radvd 1.6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
644614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: radvd
Version: 1.6-1
Severity: grave
Tags: security
Justification: user security hole

Hey,

Solar Designer reported on http://seclists.org/oss-sec/2011/q4/30 that
multiple issues were found in radvd 1.8.1. Not all of them apply to
1.6-1 in squeeze or 1.8-1 in sid though.

As far as I can tell:

* CVE-2011-3601 (privilege escalation) is present in 1.8-1 but not in
  1.6-1 (no support for ND_OPT_DNSSL_INFORMATION in 1.6)
  Patch: 
https://github.com/reubenhwk/radvd/commit/9dfaaaf740ce784541e76e68de4ae04dce2c0921
* CVE-2011-3602 (arbitrary file overwrite) is present in both versions
  Patch: 
https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
* CVE-2011-3603 (failure to check privsep() errors) is present in both versions
  Patches: 
https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60
           
https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275
           
https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d
* CVE-2011-3604 (buffer overreads) is present in both versions
  Patch: 
https://github.com/reubenhwk/radvd/commit/7de1b9abf87b747ee2611c0d2a94dfeee79878b4
* CVE-2011-3605 (denial of service in unicast mode) is present in both versions
  Patch:
  
https://github.com/reubenhwk/radvd/commit/2591d0189257caeaae2057dfed0a260310497a61

I'm reporting only one bug for all the issues, which can be fixed by
uploading 1.8.2-1 to unstable. For squeeze, backporting the patches
should be fairly straightforward.

Please add CVE numbers in the changelog.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: radvd
Source-Version: 1:1.1-3.1

We believe that the bug you reported is fixed in the latest version of
radvd, which is due to be installed in the Debian FTP archive:

radvd_1.1-3.1.diff.gz
  to main/r/radvd/radvd_1.1-3.1.diff.gz
radvd_1.1-3.1.dsc
  to main/r/radvd/radvd_1.1-3.1.dsc
radvd_1.1-3.1_amd64.deb
  to main/r/radvd/radvd_1.1-3.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated radvd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Oct 2011 08:58:40 +0200
Source: radvd
Binary: radvd
Architecture: source amd64
Version: 1:1.1-3.1
Distribution: oldstable-security
Urgency: high
Maintainer: Ghe Rivero <g...@debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description: 
 radvd      - Router Advertisement Daemon
Closes: 644614
Changes: 
 radvd (1:1.1-3.1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * debian/patches: backport patches from upstream to fix various security
     issues:                                                     closes: #644614
     - 0001-set_interface_var-doesn-t-check-interface-name-and-b fix arbitrary
       file overwrite (CVE-2011-3602)
     - 0002-main-must-fail-on-privsep_init-errors-it-must-not-ru,
       0003-privsep_read_loop-should-return-on-unprivileged-daem and
       0004-Really-exit-on-privsep-init-failure fix failure to check return
       code of privilege dropping function (CVE-2011-3603)
     - 0005-process_ra-has-numerous-missed-len-checks.-It-leads- fix multiple
       buffer overreads (CVE-2011-3604)
     - 0006-removing-mdelay-in-unicast-only-case fix a denial of service
       (CVE-2011-3605)
     - 0007-checking-iface-name-more-carefully on top of
       0001-set_interface_var-doesn-t-check-interface-name-and-b
       (CVE-2011-3602)
Checksums-Sha1: 
 33839fdcf5c0f0d654351dc0a3e46cfd5bef0def 1594 radvd_1.1-3.1.dsc
 e630e53c32dbd070bd704a3d0920f340a05730ab 146946 radvd_1.1.orig.tar.gz
 2f2b875f3513944323895c47e8569102ec83912c 9566 radvd_1.1-3.1.diff.gz
 3bfd0bcd5c0b16521389756272924ac586cf997e 66766 radvd_1.1-3.1_amd64.deb
Checksums-Sha256: 
 e10a2f19665a29989a3fd7e335cc7d355c15a028976761aa3c37dfd5e13514ee 1594 
radvd_1.1-3.1.dsc
 a51e32fb9c0a5e12c67111dfd8490e1629c35aabbf9306a451db1dc06505fe90 146946 
radvd_1.1.orig.tar.gz
 19973d940213ba9ed16126cc83e0c0b6d08932db70484865588ca14b31ee59c8 9566 
radvd_1.1-3.1.diff.gz
 7dbaf57c49b0b10c48d67e52d02232f2550b776cc139d687826a0aec89637c5f 66766 
radvd_1.1-3.1_amd64.deb
Files: 
 e47b054f8e70b3b49e630082ad50f4be 1594 net optional radvd_1.1-3.1.dsc
 9ee449e4b89171432cb9e9100e0b5648 146946 net optional radvd_1.1.orig.tar.gz
 cce4f93df9545fe47c6aa3691974b51f 9566 net optional radvd_1.1-3.1.diff.gz
 ec33c6419e6bbee9d1b38286d6f0e8d1 66766 net optional radvd_1.1-3.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJOncuSAAoJEDBVD3hx7wuoWE8P/jjnG7wBOgybjW+48uWSwNkZ
zoMZ38ujyhKRozSgyEMyF4lAYCs9uMh3MnRNoZDDicl47FYnuPVzu7OdfWcD7pX/
VAsBPlzDiPsuLR3KfvU7M3e8f4GNNVz4kR1ZXJEeynCz9KHnEIQftgCmKKQGHaXl
5B2v7eQLhhO2uGq1/MY6QHHO5Fur0SqFiwe/slM8C14uBZbMPDYVDrTJa634y6ty
xAMKIj6s8eFczLG5hL4Hw0WtXN65Zt2PCCRf0mDRIQbaQ82CfR9E16B+ZlfkaGqU
1syvkKAzqAmYPKCvGoHWwGdw0BaSXMglGRxkPoHThy7XpieqPP4L++n2HjxWc1ac
irFEjcrbuxYQ/jU5nAK+fMyEkiBcuOvcYlQBuwjcpPC0kf790nPabCXfUcqxlewL
u1RJp2Hsn/1dz+Xbj42yoLJQa6as4qdm20f5x/pAIxid5PJAxQEkDk2WXIR8sTFI
5giL+Ul9l/ZXGNJmgHqOnOYrIaTlavvWqkHV/CVJiUuFgt6hvPI80jvjYL5mDPPB
70aClawRtNUWY+9L2KOO0jicAHLKENS1NFB82eFFsKvA1LOYEuKy4E6CbTz2PbU0
fSOhzfh449Xl5LsEPSOeedRrGAl7dwIz1k08nS+S4Y4qhJYCjWyGDRJuiFUeWQCa
zrneQlI1IepddnQ4MX2q
=TJ+P
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to