---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14000 2011-10-09 06:18:56 ---------------------------------------------------------------------------= -----
Name : radvd Product : Fedora 14 Version : 1.8.2 Release : 2.fc14 URL : http://www.litech.org/radvd/ Summary : A Router Advertisement daemon Description : radvd is the router advertisement daemon for IPv6. It listens to router solicitations and sends router advertisements as described in "Neighbor Discovery for IP Version 6 (IPv6)" (RFC 2461). With these advertisements hosts can automatically configure their addresses and some other parameters. They also can choose a default router based on these advertisements. Install radvd if you are setting up IPv6 network and/or Mobile IPv6 services. ---------------------------------------------------------------------------= ----- Update Information: update to latest upstream radvd-1.8.2 fixes CVE-2011-3601, CVE-2011-3602, CVE-2011-3603, CVE-2011-3604, CVE-2011-= 3605 ---------------------------------------------------------------------------= ----- ChangeLog: * Mon Oct 10 2011 Jiri Skala <[email protected]> - 1.8.2-2 - fixes CVE-2011-3602 * Fri Oct 7 2011 Jiri Skala <[email protected]> - 1.8.2-1 - update to latest upstream version 1.8.2 - this update fixes CVE-2011-360{1..5} * Fri Feb 25 2011 Jiri Skala <[email protected]> - 1.7-1 - updated to latest upstream 1.7 - fixes #679830 - radvd dies when reloading, initscript reports OK ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #743748 - CVE-2011-3601 radvd: privilege escalation flaw in pro= cess_ra() https://bugzilla.redhat.com/show_bug.cgi?id=3D743748 [ 2 ] Bug #743749 - CVE-2011-3602 radvd: arbitrary file overwrite flaw in= set_interface_var() https://bugzilla.redhat.com/show_bug.cgi?id=3D743749 [ 3 ] Bug #743752 - CVE-2011-3603 radvd: daemon would not fail on privsep= _init() causing it to run with full root privileges https://bugzilla.redhat.com/show_bug.cgi?id=3D743752 [ 4 ] Bug #743756 - CVE-2011-3604 radvd: numerous buffer overread flaws i= n process_ra() may lead to crash https://bugzilla.redhat.com/show_bug.cgi?id=3D743756 [ 5 ] Bug #743758 - CVE-2011-3605 radvd: temporary denial of service flaw= in process_rs() https://bugzilla.redhat.com/show_bug.cgi?id=3D743758 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update radvd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= ----- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
