Bug 24288 - radvd new double-free security issue
Summary: radvd new double-free security issue
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-02-01 22:11 CET by David Walser
Modified: 2019-02-14 09:40 CET (History)
3 users (show)

See Also:
Source RPM: radvd-2.17-2.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-02-01 22:11:56 CET
Fedora has issued an advisory on January 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XANAIFTDQJ74DN3FS7TES2UV4ZYQUBFR/

Mageia 6 is also affected.
David Walser 2019-02-01 22:12:03 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2019-02-02 22:56:41 CET
Advisory:
========================

Updated radvd package fixes security vulnerability:

A flaw was found in radvd. In case of misconfiguration a race condition between
privsep and main thread occurs. This leads to double-free and crashing of radvd
(rhbz#1669297).

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XANAIFTDQJ74DN3FS7TES2UV4ZYQUBFR/
========================

Updated packages in core/updates_testing:
========================
radvd-2.11-2.1.mga6

from radvd-2.11-2.1.mga6.src.rpm

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Assignee: bugsquad => qa-bugs

Comment 2 Herman Viaene 2019-02-05 10:34:08 CET
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
According to the info in MCC this is a service involved in IPv6. I don't have that here, but at least the service should run OK, so at CLI:
# systemctl -l status radvd
● radvd.service - Router advertisement daemon for IPv6
   Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
# systemctl  start radvd
# systemctl -l status radvd
● radvd.service - Router advertisement daemon for IPv6
   Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: enabled)
   Active: active (running) since di 2019-02-05 10:21:09 CET; 3s ago
  Process: 14000 ExecStart=/usr/sbin/radvd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 14001 (radvd)
   CGroup: /system.slice/radvd.service
           ├─14001 /usr/sbin/radvd
           └─14002 /usr/sbin/radvd

feb 05 10:21:09 mach6.hviaene.thuis systemd[1]: Starting Router advertisement daemon for IPv6...
feb 05 10:21:09 mach6.hviaene.thuis systemd[1]: Started Router advertisement daemon for IPv6.
feb 05 10:21:10 mach6.hviaene.thuis radvd[14000]: [Feb 05 10:21:10] radvd (14001): eth0 not found: No 
feb 05 10:21:10 mach6.hviaene.thuis radvd[14001]: eth0 not found: No such device

Indeed, my ethernet device is named differently here, so I change the first line of /etc/radvd.conf to "interface enps2s8", save the file and:

# systemctl restart radvd
# systemctl -l status radvd
● radvd.service - Router advertisement daemon for IPv6
   Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: enabled)
   Active: active (running) since di 2019-02-05 10:25:05 CET; 4s ago
  Process: 15130 ExecStart=/usr/sbin/radvd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 15132 (radvd)
   CGroup: /system.slice/radvd.service
           ├─15132 /usr/sbin/radvd
           └─15133 /usr/sbin/radvd

feb 05 10:25:05 mach6.hviaene.thuis radvd[14000]: [Feb 05 10:25:05] radvd (14002): Exiting, privsep_re
feb 05 10:25:05 mach6.hviaene.thuis radvd[14000]: [Feb 05 10:25:05] radvd (14002): Exiting, privsep_re
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Stopping Router advertisement daemon for IPv6...
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Stopped Router advertisement daemon for IPv6.
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Starting Router advertisement daemon for IPv6...
feb 05 10:25:05 mach6.hviaene.thuis systemd[1]: Started Router advertisement daemon for IPv6.

For me, that should be OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

Comment 3 Dave Hodgins 2019-02-14 07:01:43 CET
Advisory committed to svn. Validating based on comment 2.

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 4 Mageia Robot 2019-02-14 09:40:24 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0082.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.