Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service.
|Package||net-misc/radvd on all architectures|
|Affected versions||< 1.8.2|
|Unaffected versions||>= 1.8.2|
radvd is an IPv6 router advertisement daemon for Linux and BSD.
Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details.
A remote unauthenticated attacker may be able to gain escalated privileges, escalate the privileges of the radvd process, overwrite files with specific names, or cause a Denial of Service. Local attackers may be able to overwrite the contents of arbitrary files using symlinks.
There is no known workaround at this time.
All radvd users should upgrade to the latest stable version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"
November 20, 2011
November 20, 2011: 1