madwifi-ng 0.9.3.2 has been released. Fixes several security issues as well as compilation with kernel 2.6.22. It is only a maintenance release with no new features. http://madwifi.org/wiki/Releases/0.9.3.2 I will test and then attach some ebuilds later when I get some time if someone doesn't beat me too it. Reproducible: Always Steps to Reproduce:
Thanks for the report Gordon. I just saw on #-commit that steev already bumped madwifi-ng-tools, please bump madwifi-ng too :) Not sure on the impact, it says 2 NULL pointer dereference, so I'd say it's a DoS, but maybe there's other ones.
hi arches, please test and mark stable: net-wireless/madwifi-ng-0.9.3.2 net-wireless/madwifi-ng-tools-0.9.3.2. target keywords are "amd64 ppc x86"
x86 done
Waaaaayyy beat me to it, nice work all. Here is the changeset/info regarding the races/NPDs so you may review it for any GLSA considerations. http://madwifi.org/changeset/2317 http://madwifi.org/ticket/1301 My thanks to all involved for taking care of this so quickly.
--- amd64 --- madwifi-ng(-tools)-0.9.3.2 1: emerges 2: passes collision-protect, (multilib-)strict, test 3: works Portage 2.1.2.11 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.20-gentoo-r8 x86_64) ================================================================= System uname: 2.6.20-gentoo-r8 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ Gentoo Base System release 1.12.9 Timestamp of tree: Unknown ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.23b virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -ggdb -march=athlon64 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -ggdb -march=athlon64 -pipe" DISTDIR="/tmp/portage" FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms splitdebug strict test" GENTOO_MIRRORS="http://ds.thn.htu.se/linux/gentoo http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://mirror.switch.ch/mirror/gentoo/ http://trumpetti.atm.tut.fi/gentoo/" LANG="en_US.utf-8" LINGUAS="en sv" MAKEOPTS="-j3" PKGDIR="/tmp/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/private" SYNC="rsync://dx/gentoo-portage" USE="3dnow 3dnowext X a52 aac acpi aiglx alsa amd64 arts asf avi bash-completion berkdb bitmap-fonts branding browserplugin cairo ccache cdr cli cpudetection cracklib crypt cscope css cups cvs dbus divx divx4linux dlloader dri dvd dvdr dvdread eds emboss encode esd evo fam ffmpeg firefox flac foomaticdb fortran freetype gdbm geoip gif gimp gmedia gnokii gnome gpm gstreamer gtk hal http iconv ieee1394 imap imlib ipv6 isdnlog java javascript jfs jpeg kde kdeenablefinal kdehiddenvisibility kdepim kerberos logitech-mouse mad madwifi maildir midi mikmod mmx mmx2 mmxext mono mozbranding moznopango mozsvg mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly nsplugin ntfs nvidia obex ogg oggvorbis opengl openmp oss pam pcre pdf pdflib perl png pppd python qt qt3 qt3support qt4 quicktime readline realmedia reflection reiserfs samba scanner sdl session spell spl sse sse2 ssl subversion svg symlink tcpd test tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb v4l v4l2 vim-syntax vim-with-x visualization vorbis wifi wmf wmp wxwindows xcomposite xface xfs xine xinerama xml xorg xosd xpm xprint xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en sv" USERLAND="GNU" VIDEO_CARDS="nv nvidia" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPT
amd64 stable
ppc stable, ready for GLSA voting
I tend to vote YES.
I tend to vote YES too.
here is some info from SUSE on this matter: "According to madwifi developers, the security hole is hardly exploitable. The mentioned two NULL pointer dereferences are in code marking a channel occupied by a radar. That means, you would need a radar unit or find another way making the card believe there is a radar around. Additionally, it is required that no VAPs are scanning or running, which would be also rather uncommon." in light of that, i'd vote no, if i had a vote :-)
I saw that one too. Reverting my vote to full NO unless futher information surfaces.
changing my vote to NO wrt comment #10, and closing without glsa. Feel free to reopen if you disagree.