MGASA-2019-0082 - Updated radvd packages fix security vulnerability

Publication date: 14 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0082.html
Type: security
Affected Mageia releases: 6

A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd (rhbz#1669297).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24288
- https://lists.fedoraproject.org/archives/list/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-333a7aa511
2019-02-12 01:26:01.873643
--------------------------------------------------------------------------------

Name        : radvd
Product     : Fedora 28
Version     : 2.17
Release     : 12.fc28
URL         : https://radvd.litech.org/
Summary     : A Router Advertisement daemon
Description :
radvd is the router advertisement daemon for IPv6. It listens to router solicitations and sends router advertisements as described in "Neighbor Discovery for IP Version 6 (IPv6)" (RFC 2461). With these advertisements hosts can automatically configure their addresses and some other parameters. They also can choose a default router based on these advertisements.

Install radvd if you are setting up IPv6 network and/or Mobile IPv6 services.

--------------------------------------------------------------------------------
Update Information:

Fix double-free in InterfaceList
----
Depends on network-online target (#1652459)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 27 2019 Pavel Zhukov - 2.17-12
- Fix double-free in InterfaceList

* Tue Nov 27 2018 Pavel Zhukov - 2.17-11
- Depends on network-online target (#1652459)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1669297 - radvd: Use After Free in case of misconfiguration
        https://bugzilla.redhat.com/show_bug.cgi?id=1669297
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-333a7aa511' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

=========================================================================
Ubuntu Security Notice USN-1257-1
November 10, 2011

radvd vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.

Software Description:
- radvd: Router Advertisement Daemon

Details:

Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)

Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. A local attacker could exploit this to overwrite certain files on the system, bypassing intended permissions. (CVE-2011-3602)

Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. A remote attacker could exploit this to cause the radvd daemon to crash, resulting in a denial of service. (CVE-2011-3604)

Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  radvd 1:1.8-1ubuntu0.1

Ubuntu 11.04:
  radvd 1:1.7-1ubuntu0.1

Ubuntu 10.10:
  radvd 1:1.6-1ubuntu0.1

Ubuntu 10.04 LTS:
  radvd 1:1.3-1.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1257-1
  CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605

Package Information:
  https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1

Severity: Critical
LinuxSecurity.com Team

-------------------------------------------------------------------------
Debian Security Advisory DSA-2323-1
-------------------------------------------------------------------------

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602

Updated package released.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-596
2005-07-19
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : radvd
Version     : 0.8
Release     : 2.FC3
Summary     : A Router Advertisement daemon.
Description :
Radvd is the router advertisement daemon for IPv6. It listens to router solicitations and sends router advertisements as described in "Neighbor Discovery for IP Version 6 (IPv6)" (RFC 2461). With these advertisements, hosts can automatically configure their addresses and some other parameters. They also can choose a default router based on these advertisements.

Install radvd if you are setting up IPv6 network and/or Mobile IPv6 services.

---------------------------------------------------------------------
This update can be downloaded from:

5145508ca48c90f8355cea1b4e7db2ed  SRPMS/radvd-0.8-2.FC3.src.rpm
f36f41f1899073d7345bbb5355891200  x86_64/radvd-0.8-2.FC3.x86_64.rpm
921394f550999380045339b16fed567e  x86_64/debug/radvd-debuginfo-0.8-2.FC3.x86_64.rpm
8f50b30cdf0d2b5276c2a0f8966d94ae  i386/radvd-0.8-2.FC3.i386.rpm
4f558ad53483457314735558d15a7207  i386/debug/radvd-debuginfo-0.8-2.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

New package released.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-588
2005-07-18
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : radvd
Version     : 0.8
Release     : 1.FC3
Summary     : A Router Advertisement daemon.
Description :
Radvd is the router advertisement daemon for IPv6. It listens to router solicitations and sends router advertisements as described in "Neighbor Discovery for IP Version 6 (IPv6)" (RFC 2461). With these advertisements, hosts can automatically configure their addresses and some other parameters. They also can choose a default router based on these advertisements.

Install radvd if you are setting up IPv6 network and/or Mobile IPv6 services.

---------------------------------------------------------------------

* Mon Jul 18 2005 Jason Vas Dias 0.8-1.FC5
- Upgrade to upstream version 0.8

* Fri Jul 8 2005 Pekka Savola 0.8-1
- 0.8.
- Ship the example config file as %doc (Red Hat's #159005)

* Fri Feb 25 2005 Jason Vas Dias 0.7.3-1_FC4
- make version compare > that of FC3

---------------------------------------------------------------------
This update can be downloaded from:

9beefc2c92d4306311b944ae18481d48  SRPMS/radvd-0.8-1.FC3.src.rpm
afd848830c257d44c0e73727abaa03fb  x86_64/radvd-0.8-1.FC3.x86_64.rpm
7f834ed212c34a3ffc7a785e20f85140  x86_64/debug/radvd-debuginfo-0.8-1.FC3.x86_64.rpm
bbe09152b0fe5826f094eca6a6f80c91  i386/radvd-0.8-1.FC3.i386.rpm
4992abc1363d896cb545c6dd0f172b9d  i386/debug/radvd-debuginfo-0.8-1.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-177
2005-02-25
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : radvd
Version     : 0.7.3
Release     : 1_FC3
Summary     : A Router Advertisement daemon
Description :
radvd is the router advertisement daemon for IPv6. It listens to router solicitations and sends router advertisements as described in "Neighbor Discovery for IP Version 6 (IPv6)" (RFC 2461). With these advertisements hosts can automatically configure their addresses and some other parameters. They also can choose a default router based on these advertisements.

Install radvd if you are setting up IPv6 network and/or Mobile IPv6 services.

---------------------------------------------------------------------
Update Information:

Upgrade to new upstream version 0.7.3.
---------------------------------------------------------------------

* Mon Feb 21 2005 Jason Vas Dias 0.7.3-1
- Upgrade to radvd-0.7.3
- add execshield -fPIE / -pie compile / link options

* Mon Feb 21 2005 Pekka Savola 0.7.3-1
- 0.7.3.

* Mon Oct 28 2002 Pekka Savola
- 0.7.2.

* Tue May 7 2002 Pekka Savola
- remove '-g %{RADVD_GID}' when creating the user, which may be problematic if the user didn't exist before.

* Fri Apr 12 2002 Bernhard Rosenkraenzer 0.7.1-1
- 0.7.1 (bugfix release, #61023), fixes:
  - Check that forwarding is enabled when starting radvd (helps avoid odd problems)
  - Check configuration file permissions (note: in setuid operation, must not be writable by the user.group)
  - Cleanups and enhancements for radvdump
  - Ensure NULL-termination with strncpy even with overlong strings (non-criticals, but better safe than sorry)
  - Update config.{guess,sub} to cope with some newer architectures
  - Minor fixes and cleanups

* Mon Jan 14 2002 Pekka Savola
- 0.7.1.

* Wed Jan 9 2002 Tim Powers
- automated rebuild

* Tue Jan 8 2002 Pekka Savola
- Change 'reload' to signal HUP to radvd instead of restarting.

* Fri Dec 28 2001 Pekka Savola
- License unfortunately is BSD *with* advertising clause, so to be pedantic, change License: to 'BSD-style'.

* Thu Nov 22 2001 Bernhard Rosenkraenzer
- 0.7.0

* Wed Nov 14 2001 Pekka Savola
- spec file cleanups
- update to 0.7.0.

* Mon Jul 9 2001 Bernhard Rosenkraenzer
- initial Red Hat Linux build

* Sun Jun 24 2001 Pekka Savola
- add a patch from USAGI for overflow, Copyright -> License.

* Wed Jun 20 2001 Pekka Savola
- use /sbin/service.
- update to 0.6.2pl4.

* Sat Apr 28 2001 Pekka Savola
- update to 0.6.2pl3.

* Wed Apr 11 2001 Pekka Savola
- update to 0.6.2pl2.

* Wed Apr 4 2001 Pekka Savola
- update to 0.62pl1. Bye bye patches!
- Require: initscripts (should really be with a version providing IPv6)
- clean up the init script, make condrestart work properly
- Use a static /etc/rc.d/init.d; init.d/radvd required it anyway.

* Sun Apr 1 2001 Pekka Savola
- add patch to chroot (doesn't work well yet, as /proc is used directly)
- clean up droproot patch, drop the rights earlier; require user-writable pidfile directory
- set up the pidfile directory at compile time.

* Sat Mar 31 2001 Pekka Savola
- add select/kill signals patch from Nathan Lutchansky.
- add address syntax checked fix from Marko Myllynen.
- add patch to check the pid file before fork.
- add support for OPTIONS sourced from /etc/sysconfig/radvd, provide a nice default one.
- add/delete radvd user, change the pidfile to /var/run/radvd/radvd.pid.
- fix initscript NETWORKING_IPV6 check.

* Sun Mar 18 2001 Pekka Savola
- add droproot patch, change to nobody by default (should use radvd:radvd or the like, really).

* Mon Mar 5 2001 Tim Powers
- applied patch supplied by Pekka Savola in #30508
- made changes to initscript as per Pekka's suggestions

* Thu Feb 15 2001 Tim Powers
- needed -D_GNU_SOURCE to build properly

* Tue Feb 6 2001 Tim Powers
- use %configure and %makeinstall, just glob the manpages, cleans things up
- fixed initscript so that it can be internationalized in the future

* Fri Feb 2 2001 Pekka Savola
- Create a single package(source) for glibc21 and glibc22 (automatic Requires can handle this just fine).
- use %{_mandir} and friends
- add more flesh to %doc
- streamline %config file %attrs
- streamline init.d file a bit:
  * add a default chkconfig: (default to disable for security etc. reasons; also, the default config isn't generic enough..)
  * add reload/condrestart
  * minor tweaks
  * missing: localization support (initscripts-5.60)
- use %initdir macro

* Thu Feb 1 2001 Lars Fenneberg
- updated to new release 0.6.2

* Thu Feb 1 2001 Marko Myllynen
- initial version, radvd version 0.6.1

---------------------------------------------------------------------
This update can be downloaded from:

ae1847f087192da649ad90ff5d484e95  SRPMS/radvd-0.7.3-1_FC3.src.rpm
345449ba4cf8dfba84eae22b5d1f9911  x86_64/radvd-0.7.3-1_FC3.x86_64.rpm
90ffdb019516a0be1f1467babdfb927b  x86_64/debug/radvd-debuginfo-0.7.3-1_FC3.x86_64.rpm
096cccff8319777bb5b0f8093990f8a3  i386/radvd-0.7.3-1_FC3.i386.rpm
80263573365f5d976744c46761647bb2  i386/debug/radvd-debuginfo-0.7.3-1_FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------