
Accepted fort-validator 1.5.3-1~deb11u2 (source) into oldstable-security



Format: 1.8
Date: Sun, 23 Feb 2025 23:04:00 +0100
Source: fort-validator
Architecture: source
Version: 1.5.3-1~deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Marco d'Itri <md@linux.it>
Changed-By: Daniel Leidert <dleidert@debian.org>
Changes:
 fort-validator (1.5.3-1~deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/control (Build-Depends): Add check and rsync for running tests.
   * d/patches/CVE-2024-45234.patch: Add patch to fix CVE-2024-45234.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) an ROA or a Manifest containing a
       signedAttrs encoded in non-canonical form. This bypasses Fort's BER
       decoder, reaching a point in the code that panics when faced with data
       not encoded in DER. Because Fort is an RPKI Relying Party, a panic can
       lead to Route Origin Validation unavailability, which can lead to
       compromised routing.
   * d/patches/CVE-2024-45235.patch: Add patch to fix CVE-2024-45235.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a resource certificate containing an
       Authority Key Identifier extension that lacks the keyIdentifier field.
       Fort references this pointer without sanitizing it first. Because Fort
       is an RPKI Relying Party, a crash can lead to Route Origin Validation
       unavailability, which can lead to compromised routing.
   * d/patches/CVE-2024-45236.patch: Add patch to fix CVE-2024-45236.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a signed object containing an empty
       signedAttributes field. Fort accesses the set's elements without
       sanitizing it first. Because Fort is an RPKI Relying Party, a crash can
       lead to Route Origin Validation unavailability, which can lead to
       compromised routing.
   * d/patches/CVE-2024-45237.patch: Add patch to fix CVE-2024-45237.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a resource certificate containing a Key
       Usage extension composed of more than two bytes of data. Fort writes this
       string into a 2-byte buffer without properly sanitizing its length,
       leading to a buffer overflow.
   * d/patches/CVE-2024-45238.patch: Add patch to fix CVE-2024-45238.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a resource certificate containing a bit
       string that doesn't properly decode into a Subject Public Key. OpenSSL
       does not report this problem during parsing, and when compiled with
       OpenSSL libcrypto versions below 3, Fort recklessly dereferences the
       pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route
       Origin Validation unavailability, which can lead to compromised routing.
   * d/patches/CVE-2024-45239.patch: Add patch to fix CVE-2024-45239.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) an ROA or a Manifest containing a null
       eContent field. Fort dereferences the pointer without sanitizing it
       first. Because Fort is an RPKI Relying Party, a crash can lead to Route
       Origin Validation unavailability, which can lead to compromised routing.
   * d/patches/CVE-2024-48943.patch: Add patch to fix CVE-2024-48943.
     - A malicious RPKI rsync repository can prevent Fort from finishing its
       validation run by drip-feeding its content. This can lead to delayed
       validation and a stale or unavailable Route Origin Validation.
       (thanks to Jochen Sprickerhof for helping backport the test case)
Checksums-Sha1:
 8a8061db33d3a690cdda67f6b026f87df58d6054 2045 fort-validator_1.5.3-1~deb11u2.dsc
 d91b1fd39120165e54e871ccb9d764ca26f8e74c 361452 fort-validator_1.5.3.orig.tar.xz
 01778dc0a04586c5fa800fd19dec4743303fa36b 15032 fort-validator_1.5.3-1~deb11u2.debian.tar.xz
 745b74f837df1ef92e540ac1871f57fbf1596a32 7474 fort-validator_1.5.3-1~deb11u2_amd64.buildinfo
Checksums-Sha256:
 6caf188fae595fc6b579713126d91c793c69b4b2255678442f0a5aec58fdfcb0 2045 fort-validator_1.5.3-1~deb11u2.dsc
 d40e29ff971296bf57f9ae2e4a7e19d0a3f7b2f5a5746b57fe6a6ffc71c963bf 361452 fort-validator_1.5.3.orig.tar.xz
 ca5298bbfec85d417a79a368944dde5d89232fb50cc80437ff9448d595cc1f81 15032 fort-validator_1.5.3-1~deb11u2.debian.tar.xz
 0d5207665d59f5a341c3fddd85f355178b8065c7f50cde3e5925783ce942a971 7474 fort-validator_1.5.3-1~deb11u2_amd64.buildinfo
Files:
 08e1a630409809e724105fe6a0c3692a 2045 net optional fort-validator_1.5.3-1~deb11u2.dsc
 d2522f5b3d5fb98c7a8b802b88bba1e1 361452 net optional fort-validator_1.5.3.orig.tar.xz
 e02dcf99427fbd908f0a86e79c99275c 15032 net optional fort-validator_1.5.3-1~deb11u2.debian.tar.xz
 0f71ccc9713fff72bf85c28e9f4425d0 7474 net optional fort-validator_1.5.3-1~deb11u2_amd64.buildinfo
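The Key Usage entry (CVE-2024-45237) above describes a fixed 2-byte destination receiving an unchecked BIT STRING payload. The following is an added example, not Fort's code or any of the patches listed here, showing the length check a defensive parser applies before the copy; the function name, status enum and sample DER bytes are constructed for illustration.

```c
/* Added example (not Fort's code): defensive handling of the RFC 5280
 * Key Usage extension, the pattern behind CVE-2024-45237 as described in
 * the changelog above. Key Usage is a DER BIT STRING whose payload is an
 * "unused bits" octet followed by at most two bytes of flags, so a fixed
 * 2-byte destination is only safe if the payload length is checked first. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum ku_status {
    KU_OK = 0,
    KU_ERR_TRUNCATED,   /* fewer bytes than tag + length + unused-bits octet */
    KU_ERR_TAG,         /* not a BIT STRING */
    KU_ERR_LENGTH,      /* long-form length, truncated value, or > 2 flag bytes */
    KU_ERR_UNUSED       /* invalid unused-bits octet */
};

/* Parses a short-form DER BIT STRING (tag 0x03, length < 128) carrying the
 * Key Usage flags and copies the flag bytes into out[2]. Any payload that
 * would not fit is rejected instead of overflowing the destination. */
enum ku_status parse_key_usage(const uint8_t *der, size_t der_len, uint8_t out[2])
{
    memset(out, 0, 2);
    if (der_len < 3)
        return KU_ERR_TRUNCATED;
    if (der[0] != 0x03)
        return KU_ERR_TAG;
    size_t len = der[1];
    if (len >= 0x80 || len < 1 || 2 + len > der_len)
        return KU_ERR_LENGTH;
    uint8_t unused = der[2];
    size_t payload = len - 1;           /* flag bytes after the unused-bits octet */
    if (payload > 2)                    /* the oversized case: too big for out[2] */
        return KU_ERR_LENGTH;
    if (unused > 7 || (payload == 0 && unused != 0))
        return KU_ERR_UNUSED;
    memcpy(out, der + 3, payload);      /* bounded copy, at most 2 bytes */
    return KU_OK;
}
```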


