Copy/Pasted from: http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue/release-0-9-2-1-fixes-critical-security-issue A critical security flaw (CVE-2006-6332) has been discovered which can be exploited from remote and allows arbitrary code injection. The fix has been committed to trunk in r1842. In addition, we released v0.9.2.1 (v0.9.2 plus the fix for the issue), which is available for download from sf.net. All users should upgrade as soon as possible. --------- End Copy/Paste ----------- 0.9.2.1 is available with NO other changes from the 0.9.2 version. Updating the ebuild to the new version should be painless.
This is the download link from madwifi.org's security announcement: http://sourceforge.net/project/showfiles.php?group_id=82936&package_id=85233
Sorry, bad news link in first post, here is the corrected news link: http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue
Mobile please provide an updated ebuild. This one seems pretty nasty.
Thx Genstef for the quickfix. Arches please test and mark stable. Target keywords are: madwifi-ng-0.9.2.1.ebuild:KEYWORDS="amd64 ppc x86"
net-wireless/madwifi-ng-0.9.2.1 USE="-amrr -onoe" 1. emerges on x86 2. passes collision test 3. works
More verbose details on this. http://lists.immunitysec.com/pipermail/dailydave/2006-December/003881.html
Done on x86
ppc stable
Nice work gentlemen, a fix for this security bug was made available in portage just a few hours after it was announced on madwifi.org. Apparently this patch introduces a possible kernel oops which is now fixed in madwifi's dev tree. However, the remote exploit is still fixed so no update release is being issued upstream. Reason is "0.9.3 is at the door".
hello amd64, something blocking?
wrt comment #9, that is http://madwifi.org/changeset/1847. kingtaco is working on amd64.
amd64 stable, sorry for the delay
GLSA 200612-09