LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-11152 (mipv6-daemon)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 13 Update: mipv6-daemon-0.4-5.fc13 


Date:
    	      Tue, 17 Aug 2010 05:33:34 +0000


Message-ID:
    	      <20100817053334.AECAF110ACC@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11152
2010-07-15 20:44:13
--------------------------------------------------------------------------------

Name        : mipv6-daemon
Product     : Fedora 13
Version     : 0.4
Release     : 5.fc13
URL         : http://www.linux-ipv6.org/memo/mipv6/
Summary     : Mobile IPv6 (MIPv6) Daemon
Description :
The mobile IPv6 daemon allows nodes to remain
reachable while moving around in the IPv6 Internet.

--------------------------------------------------------------------------------
Update Information:

This update fixes two security problems in mipv6-daemon:    I) CVE-2010-2522:
The origin of netlink messages sent to mipv6-daemon was not verified, allowing
for local users to spoof netlink messages and thus influence the behaviour of
mipv6-daemon.    II) CVE-2010-2523: A specially crafted
ND_OPT_PREFIX_INFORMATION or ND_OPT_HOME_AGENT_INFO packet could be used to
exploit a buffer overflow in mipv6-daemon.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #614227 - CVE-2010-2522 mipv6-daemon: local users can spoof netlink socket
communications
        https://bugzilla.redhat.com/show_bug.cgi?id=614227
  [ 2 ] Bug #614237 - CVE-2010-2523 mipv6-daemon: multiple buffer overflows allow remote attackers
to have unspecified impact
        https://bugzilla.redhat.com/show_bug.cgi?id=614237
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mipv6-daemon' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds