[Secure-testing-team] Bug#644614: multiple security issues in radvd 1.6

Yves-Alexis Perez corsac at debian.org
Fri Oct 7 11:35:54 UTC 2011


Package: radvd
Version: 1.6-1
Severity: grave
Tags: security
Justification: user security hole

Hey,

Solar Designer reported on http://seclists.org/oss-sec/2011/q4/30 that
multiple issues were found in radvd 1.8.1. Not all of them apply to
1.6-1 in squeeze or 1.8-1 in sid though.

As far as I can tell:

* CVE-2011-3601 (privilege escalation) is present in 1.8-1 but not in
  1.6-1 (no support for ND_OPT_DNSSL_INFORMATION in 1.6)
  Patch: https://github.com/reubenhwk/radvd/commit/9dfaaaf740ce784541e76e68de4ae04dce2c0921
* CVE-2011-3602 (arbitrary file overwrite) is present in both versions
  Patch: https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc
* CVE-2011-3603 (failure to check privsep() errors) is present in both versions
  Patches: https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60
           https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275
           https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d
* CVE-2011-3604 (buffer overreads) is present in both versions
  Patch: https://github.com/reubenhwk/radvd/commit/7de1b9abf87b747ee2611c0d2a94dfeee79878b4
* CVE-2011-3605 (denial of service in unicast mode) is present in both versions
  Patch: https://github.com/reubenhwk/radvd/commit/2591d0189257caeaae2057dfed0a260310497a61

I'm reporting only one bug for all the issues, which can be fixed by
uploading 1.8.2-1 to unstable. For squeeze, backporting the patches
should be fairly straightforward.

Please add CVE numbers in the changelog.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




