http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045280.html
The weakness is caused due to an error within the "ping" utility when processing certain echo reply packets. This can be exploited to e.g. cause a high CPU usage by tricking a user into pinging a malicious server.
Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=613819
added the patch with iputils-20100418
Arches, please test and mark stable:
=net-misc/iputils-20100418
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
x86 stable
amd64 done
Stable for HPPA PPC.
CVE-2010-2529 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529): Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.
alpha/arm/ia64/m68k/s390/sh/sparc stable
ppc64 done
GLSA request filed.
close, not in portage anymore.
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).