Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

madwifi-ng 0.9.3.2 has been released.  Fixes several security issues as well as
compilation with kernel 2.6.22.  It is only a maintenance release with no new
features.

http://madwifi.org/wiki/Releases/0.9.3.2

I will test and then attach some ebuilds later when I get some time if someone
doesn't beat me too it.

Reproducible: Always

Steps to Reproduce:

Thanks for the report Gordon.
I just saw on #-commit that steev already bumped madwifi-ng-tools, please bump
madwifi-ng too :)
Not sure on the impact, it says 2 NULL pointer dereference, so I'd say it's a
DoS, but maybe there's other ones.

hi arches, please test and mark stable:

net-wireless/madwifi-ng-0.9.3.2 
net-wireless/madwifi-ng-tools-0.9.3.2.

target keywords are "amd64 ppc x86"

x86 done

Waaaaayyy beat me to it, nice work all.

Here is the changeset/info regarding the races/NPDs so you may review it for
any GLSA considerations.

http://madwifi.org/changeset/2317
http://madwifi.org/ticket/1301

My thanks to all involved for taking care of this so quickly.

--- amd64 ---
madwifi-ng(-tools)-0.9.3.2

1: emerges
2: passes collision-protect, (multilib-)strict, test
3: works

Portage 2.1.2.11 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4,
2.6.20-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.20-gentoo-r8 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor
4200+
Gentoo Base System release 1.12.9
Timestamp of tree: Unknown
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.23b
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -ggdb -march=athlon64 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d
/etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -ggdb -march=athlon64 -pipe"
DISTDIR="/tmp/portage"
FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict
parallel-fetch sandbox sfperms splitdebug strict test"
GENTOO_MIRRORS="http://ds.thn.htu.se/linux/gentoo              
http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/           
http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/           
http://mirror.switch.ch/mirror/gentoo/         
http://trumpetti.atm.tut.fi/gentoo/"
LANG="en_US.utf-8"
LINGUAS="en sv"
MAKEOPTS="-j3"
PKGDIR="/tmp/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/private"
SYNC="rsync://dx/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi aiglx alsa amd64 arts asf avi
bash-completion berkdb bitmap-fonts branding browserplugin cairo ccache cdr cli
cpudetection cracklib crypt cscope css cups cvs dbus divx divx4linux dlloader
dri dvd dvdr dvdread eds emboss encode esd evo fam ffmpeg firefox flac
foomaticdb fortran freetype gdbm geoip gif gimp gmedia gnokii gnome gpm
gstreamer gtk hal http iconv ieee1394 imap imlib ipv6 isdnlog java javascript
jfs jpeg kde kdeenablefinal kdehiddenvisibility kdepim kerberos logitech-mouse
mad madwifi maildir midi mikmod mmx mmx2 mmxext mono mozbranding moznopango
mozsvg mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly nsplugin ntfs
nvidia obex ogg oggvorbis opengl openmp oss pam pcre pdf pdflib perl png pppd
python qt qt3 qt3support qt4 quicktime readline realmedia reflection reiserfs
samba scanner sdl session spell spl sse sse2 ssl subversion svg symlink tcpd
test tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode
usb v4l v4l2 vim-syntax vim-with-x visualization vorbis wifi wmf wmp wxwindows
xcomposite xface xfs xine xinerama xml xorg xosd xpm xprint xv xvid zlib"
ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop
empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi
null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse
keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780
lb216 lcdm001 mtxorb ncurses text" LINGUAS="en sv" USERLAND="GNU"
VIDEO_CARDS="nv nvidia"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPT

amd64 stable

ppc stable, ready for GLSA voting

I tend to vote YES.

I tend to vote YES too.

here is some info from SUSE on this matter:

"According to madwifi developers, the security hole is hardly exploitable. The
mentioned two NULL pointer dereferences are in code marking a channel occupied
by a radar. That means, you would need a radar unit or find another way making
the card believe there is a radar around. Additionally, it is required that no
VAPs are scanning or running, which would be also rather uncommon."

in light of that, i'd vote no, if i had a vote :-)

I saw that one too. Reverting my vote to full NO unless futher information
surfaces.

changing my vote to NO wrt comment #10, and closing without glsa. Feel free to
reopen if you disagree.