| Summary: | radvd new double-free security issue | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK | ||
| Source RPM: | radvd-2.17-2.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-02-01 22:11:56 CET
David Walser
2019-02-01 22:12:03 CET
Whiteboard:
(none) =>
MGA6TOO Advisory: ======================== Updated radvd package fixes security vulnerability: A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd (rhbz#1669297). References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XANAIFTDQJ74DN3FS7TES2UV4ZYQUBFR/ ======================== Updated packages in core/updates_testing: ======================== radvd-2.11-2.1.mga6 from radvd-2.11-2.1.mga6.src.rpm Whiteboard:
MGA6TOO =>
(none) MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
According to the info in MCC this is a service involved in IPv6. I don't have that here, but at least the service should run OK, so at CLI:
# systemctl -l status radvd
● radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
# systemctl start radvd
# systemctl -l status radvd
● radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: enabled)
Active: active (running) since di 2019-02-05 10:21:09 CET; 3s ago
Process: 14000 ExecStart=/usr/sbin/radvd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 14001 (radvd)
CGroup: /system.slice/radvd.service
├─14001 /usr/sbin/radvd
└─14002 /usr/sbin/radvd
feb 05 10:21:09 mach6.hviaene.thuis systemd[1]: Starting Router advertisement daemon for IPv6...
feb 05 10:21:09 mach6.hviaene.thuis systemd[1]: Started Router advertisement daemon for IPv6.
feb 05 10:21:10 mach6.hviaene.thuis radvd[14000]: [Feb 05 10:21:10] radvd (14001): eth0 not found: No
feb 05 10:21:10 mach6.hviaene.thuis radvd[14001]: eth0 not found: No such device
Indeed, my ethernet device is named differently here, so I change the first line of /etc/radvd.conf to "interface enps2s8", save the file and:
# systemctl restart radvd
# systemctl -l status radvd
● radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: enabled)
Active: active (running) since di 2019-02-05 10:25:05 CET; 4s ago
Process: 15130 ExecStart=/usr/sbin/radvd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 15132 (radvd)
CGroup: /system.slice/radvd.service
├─15132 /usr/sbin/radvd
└─15133 /usr/sbin/radvd
feb 05 10:25:05 mach6.hviaene.thuis radvd[14000]: [Feb 05 10:25:05] radvd (14002): Exiting, privsep_re
feb 05 10:25:05 mach6.hviaene.thuis radvd[14000]: [Feb 05 10:25:05] radvd (14002): Exiting, privsep_re
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Stopping Router advertisement daemon for IPv6...
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Stopped Router advertisement daemon for IPv6.
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Starting Router advertisement daemon for IPv6...
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Started Router advertisement daemon for IPv6.
For me, that should be OK.CC:
(none) =>
herman.viaene Advisory committed to svn. Validating based on comment 2. Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0082.html Status:
NEW =>
RESOLVED |