685264 – <net-misc/dhcpcd-7.1.1-r3 - dhcpv6: potential read overflow with D6_OPTION_PD_EXCLUDE

Bug 685264 - <net-misc/dhcpcd-7.1.1-r3 - dhcpv6: potential read overflow with D6_OPTION_PD_EXCLUDE

Summary: <net-misc/dhcpcd-7.1.1-r3 - dhcpv6: potential read overflow with D6_OPTION_PD...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://roy.marples.name/archives/dhc...
Whiteboard:	A4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2019-05-07 11:18 UTC by Lars Wendler (Polynomial-C) (RETIRED)
Modified:	2019-08-03 15:28 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	net-misc/dhcpcd-7.1.1-r3
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2019-05-07 11:18:30 UTC

From URL:

This security issue has been addressed
  *  DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE

Comment 1 Larry the Git Cow gentoo-dev

2019-05-07 11:19:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be946042b4fe11abaac43300d2165e224215d3c9

commit be946042b4fe11abaac43300d2165e224215d3c9
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-05-07 11:19:21 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-05-07 11:19:47 +0000

    net-misc/dhcpcd: Security bump to version 7.1.1-r3
    
    Bug: https://bugs.gentoo.org/685264
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild             | 154 +++++++++++++++++++++
 .../files/dhcpcd-7.1.1-v6_read_overflow.patch      | 120 ++++++++++++++++
 2 files changed, 274 insertions(+)

Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2019-05-07 11:21:58 UTC

WilliamH already bumped dhcpcd-7.2.2 so ~arch is already safe. Let's handle our stable users as well...

Comment 3 Larry the Git Cow gentoo-dev

2019-05-08 14:38:25 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0167c7b1a7ddf5bdcc5e0613bdd7247d84ab89a1

commit 0167c7b1a7ddf5bdcc5e0613bdd7247d84ab89a1
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-05-08 14:37:34 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-05-08 14:37:47 +0000

    net-misc/dhcpcd-7.1.1-r3: alpha stable
    
    Bug: http://bugs.gentoo.org/685264
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 4 Agostino Sarubbo gentoo-dev

2019-05-08 19:29:15 UTC

amd64 stable

Comment 5 Rolf Eike Beer archtester

2019-05-08 19:58:04 UTC

sparc stable

Comment 6 Aaron Bauman (RETIRED) gentoo-dev

2019-05-10 02:28:52 UTC

arm64 stable

Comment 7 Mikle Kolyada (RETIRED) archtester

2019-05-11 12:18:33 UTC

arm stable

Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev

2019-05-12 19:29:38 UTC

x86 stable

Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev

2019-05-12 22:08:26 UTC

ia64 stable

Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev

2019-05-12 22:13:28 UTC

ppc stable

Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev

2019-05-12 22:18:28 UTC

ppc64 stable

Comment 12 Rolf Eike Beer archtester

2019-05-24 20:54:44 UTC

hppa stable

Comment 13 Mikle Kolyada (RETIRED) archtester

2019-05-25 08:19:57 UTC

s390 stable

Comment 14 Mikle Kolyada (RETIRED) archtester

2019-05-25 08:20:31 UTC

sh stable

Comment 15 Larry the Git Cow gentoo-dev

2019-05-25 08:22:25 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80722bc465e525603dbc643f03ac4bf904a4e7f7

commit 80722bc465e525603dbc643f03ac4bf904a4e7f7
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2019-05-25 08:22:07 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2019-05-25 08:22:07 +0000

    net-misc/dhcpcd: Security cleanup
    
    Bug: https://bugs.gentoo.org/685264
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
    Package-Manager: Portage-2.3.66, Repoman-2.3.11

 net-misc/dhcpcd/dhcpcd-7.1.1-r2.ebuild | 153 ---------------------------------
 1 file changed, 153 deletions(-)