-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Mar 2025 03:13:08 +0100
Source: fort-validator
Binary: fort-validator fort-validator-dbgsym
Architecture: arm64
Version: 1.5.4-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-02)
Changed-By: Daniel Leidert
Description:
 fort-validator - RPKI validator and RTR server
Changes:
 fort-validator (1.5.4-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * d/control (Build-Depends): Add rsync for running tests.
   * d/patches/CVE-2024-45234.patch: Add patch to fix CVE-2024-45234.
     - A malicious RPKI repository that descends from a (trusted) Trust
       Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing
       a signedAttrs encoded in non-canonical form. This bypasses Fort's BER
       decoder, reaching a point in the code that panics when faced with
       data not encoded in DER. Because Fort is an RPKI Relying Party, a
       panic can lead to Route Origin Validation unavailability, which can
       lead to compromised routing.
   * d/patches/CVE-2024-45235.patch: Add patch to fix CVE-2024-45235.
     - A malicious RPKI repository that descends from a (trusted) Trust
       Anchor can serve (via rsync or RRDP) a resource certificate
       containing an Authority Key Identifier extension that lacks the
       keyIdentifier field. Fort references this pointer without sanitizing
       it first. Because Fort is an RPKI Relying Party, a crash can lead to
       Route Origin Validation unavailability, which can lead to compromised
       routing.
   * d/patches/CVE-2024-45236.patch: Add patch to fix CVE-2024-45236.
     - A malicious RPKI repository that descends from a (trusted) Trust
       Anchor can serve (via rsync or RRDP) a signed object containing an
       empty signedAttributes field. Fort accesses the set's elements
       without sanitizing it first. Because Fort is an RPKI Relying Party, a
       crash can lead to Route Origin Validation unavailability, which can
       lead to compromised routing.
   * d/patches/CVE-2024-45237.patch: Add patch to fix CVE-2024-45237.
     - A malicious RPKI repository that descends from a (trusted) Trust
       Anchor can serve (via rsync or RRDP) a resource certificate
       containing a Key Usage extension composed of more than two bytes of
       data. Fort writes this string into a 2-byte buffer without properly
       sanitizing its length, leading to a buffer overflow.
   * d/patches/CVE-2024-45238.patch: Add patch to fix CVE-2024-45238.
     - A malicious RPKI repository that descends from a (trusted) Trust
       Anchor can serve (via rsync or RRDP) a resource certificate
       containing a bit string that doesn't properly decode into a Subject
       Public Key. OpenSSL does not report this problem during parsing, and
       when compiled with OpenSSL libcrypto versions below 3, Fort
       recklessly dereferences the pointer. Because Fort is an RPKI Relying
       Party, a crash can lead to Route Origin Validation unavailability,
       which can lead to compromised routing.
   * d/patches/CVE-2024-45239.patch: Add patch to fix CVE-2024-45239.
     - A malicious RPKI repository that descends from a (trusted) Trust
       Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing
       a null eContent field. Fort dereferences the pointer without
       sanitizing it first. Because Fort is an RPKI Relying Party, a crash
       can lead to Route Origin Validation unavailability, which can lead to
       compromised routing.
   * d/patches/CVE-2024-48943.patch: Add patch to fix CVE-2024-48943.
     - A malicious RPKI rsync repository can prevent Fort from finishing its
       validation run by drip-feeding its content. This can lead to delayed
       validation and a stale or unavailable Route Origin Validation.
     (thanks to Jochen Sprickerhof for helping backport the test case)
Checksums-Sha1:
 135b561e57c257d4edf77f09dc2fcb46ce67cebf 615604 fort-validator-dbgsym_1.5.4-1+deb12u1_arm64.deb
 82d0d210dcd7b3716fe19b4dbbd4e5a5bc23b5f9 7268 fort-validator_1.5.4-1+deb12u1_arm64-buildd.buildinfo
 a73f23aade5cc01865b0e770dbacacf7d0e16812 194060 fort-validator_1.5.4-1+deb12u1_arm64.deb
Checksums-Sha256:
 082bfc3d717515d9f74a2090214f869549e0567318951f14ff9d68614ebdf066 615604 fort-validator-dbgsym_1.5.4-1+deb12u1_arm64.deb
 53b949da0ccb6aba1fffe9c504cc3d0aa902fe5e992d70641030a4d7f9c8bd3b 7268 fort-validator_1.5.4-1+deb12u1_arm64-buildd.buildinfo
 c74ea1e280628d1fd155277d6d4adae040f925460d191830e918a3846afead98 194060 fort-validator_1.5.4-1+deb12u1_arm64.deb
Files:
 0e0789288455500cd6717e488e37ec7a 615604 debug optional fort-validator-dbgsym_1.5.4-1+deb12u1_arm64.deb
 aeb520c779bb5317858a78f3da324ca5 7268 net optional fort-validator_1.5.4-1+deb12u1_arm64-buildd.buildinfo
 a50a1dd327ac165049ce2cb4ca2a693a 194060 net optional fort-validator_1.5.4-1+deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbIns2iWsAAdAqh2MS/ZIXkV8oLAFAmhpU5gACgkQS/ZIXkV8
oLAjyA/9FWfPVA5qlNRhwDS8Fuq/Jl+UL6Z0lboBg3kad1rK3Wu4ndc5Z9wC7IWN
s24XH9PS+ogCZJzXKM1tLMkiuI9qjk7u9afA8GTUlXE5YSX7xXWADKOOsudVVP7L
Y89VLwuytDb2Kz2pDXWeyHiTmPz6JnGe87zd6tj6D00PR8ePaEwdObEYgTflkY78
f6FxEOIyytl9GFXhHI2IMZESbtWcqrERzRy8JABUpaNWN82bAzpmzmktogpeEz23
C+txIQRdNFBO/LN6Qhv0BlBuPsG9ei6oA/tnu9D0+nQZgzZ5wFnFJshxnCnN5sJ3
m8RJ70swP7ghzr+bJLRpTQSqA0oFlHhAWf4tc7kfDh6fRETZ5c6xUBwFsqSJ+a/2
NoeumqUz5dIuXIIV1U/A1I/25Zc0ENzPv1zx60G30BIjUlBDUI8hUCTk9oA4UZSB
zfuk8ZwEBtG27fQo51aWuD/91QNn+MfSiWnhx9uEH1qcsXHxXImXZEccQB5E/W8M
7buVhdat/RoODq8REbKV7zEYJbzv8Zd8Lgl/OCFmtYSML/zS24db4qz787d7+vxA
/PTXTzOc/aN8tJ86mHjt5Jq9vsciuBi97Nfjv4AuTp+eMGrOHNZeK8aaJS/VEffe
X6Z+TQN3E+IVBIXcZCXf5ion2rOS4C4XhkQOsOsrlRxmDO7PMHA=
=bUqT
-----END PGP SIGNATURE-----
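Editor's added example, appended after the signed message and not part of the .changes file or of Fort's source: the CVE-2024-45237 entry above describes a Key Usage extension whose BIT STRING content is copied into a 2-byte buffer without a length check. The C below shows that bug class in a constructed form (key_usage_parse_unchecked) next to a hardened parser (key_usage_parse) that bounds the copy and also applies the DER rules for named-bit BIT STRINGs from X.690 (no trailing zero octets, unused bits zero), so an over-long encoding is rejected rather than truncated. The function names, the minimal TLV reader and the two extension values KU_GOOD and KU_LONG are all hypothetical inputs built for this illustration; the unchecked function is kept only for comparison and must not be fed untrusted data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* KeyUsage (RFC 5280 4.2.1.3) is a BIT STRING of at most 9 named bits, so
 * the DER content is one unused-bits octet followed by at most two data
 * octets. Constructed, hypothetical extension values (not from any real
 * certificate): */
static const uint8_t KU_GOOD[] = { 0x03, 0x02, 0x01, 0x06 };           /* keyCertSign|cRLSign */
static const uint8_t KU_LONG[] = { 0x03, 0x06, 0x00, 0x06, 0xAA, 0xBB, 0xCC, 0xDD }; /* 5 data octets */
static const uint8_t KU_TRAIL[] = { 0x03, 0x03, 0x00, 0x06, 0x00 };    /* trailing zero octet: not DER */

/* Minimal DER TLV reader for a BIT STRING: short-form length only, which is
 * all an extension this small ever needs; anything else is rejected.
 * Returns 0 on success and points at the content (unused-bits octet first). */
static int der_read_bitstring(const uint8_t *der, size_t der_len,
                              const uint8_t **content, size_t *content_len)
{
    if (der_len < 2 || der[0] != 0x03)
        return -1;
    size_t len = der[1];
    if (len >= 0x80 || len > der_len - 2)   /* long form or overruns the buffer */
        return -1;
    if (len < 1)                            /* the unused-bits octet is mandatory */
        return -1;
    *content = der + 2;
    *content_len = len;
    return 0;
}

struct key_usage { uint8_t bits[2]; };

/* The bug class described for CVE-2024-45237, in hypothetical form: the data
 * octets are copied into a fixed 2-byte buffer with no check that they fit.
 * Illustration only; never call this with untrusted input. */
static int key_usage_parse_unchecked(const uint8_t *der, size_t der_len,
                                     struct key_usage *out)
{
    const uint8_t *c; size_t n;
    if (der_read_bitstring(der, der_len, &c, &n))
        return -1;
    memset(out->bits, 0, sizeof out->bits);
    memcpy(out->bits, c + 1, n - 1);        /* overflows when n - 1 > 2 */
    return 0;
}

/* Hardened form: bound the copy by the destination and reject, rather than
 * truncate, anything that is not a valid DER named-bit BIT STRING. */
static int key_usage_parse(const uint8_t *der, size_t der_len,
                           struct key_usage *out)
{
    const uint8_t *c; size_t n;
    if (der_read_bitstring(der, der_len, &c, &n))
        return -1;
    size_t nbytes = n - 1;                  /* data octets after the unused-bits octet */
    uint8_t unused = c[0];
    if (nbytes > sizeof out->bits)          /* more than 16 bits cannot be KeyUsage */
        return -1;
    if (unused > 7 || (nbytes == 0 && unused != 0))
        return -1;
    /* X.690 11.2.2 / X.680 22.7: trailing zero bits are removed, so the last
     * data octet is never 0x00 and the unused low bits must be zero. */
    if (nbytes > 0 && c[nbytes] == 0)
        return -1;
    if (nbytes > 0 && (c[nbytes] & ((1u << unused) - 1)) != 0)
        return -1;
    memset(out->bits, 0, sizeof out->bits);
    memcpy(out->bits, c + 1, nbytes);
    return 0;
}

int main(void)
{
    struct key_usage ku;
    printf("KU_GOOD  hardened: %d\n", key_usage_parse(KU_GOOD, sizeof KU_GOOD, &ku));
    printf("KU_LONG  hardened: %d\n", key_usage_parse(KU_LONG, sizeof KU_LONG, &ku));
    printf("KU_TRAIL hardened: %d\n", key_usage_parse(KU_TRAIL, sizeof KU_TRAIL, &ku));
    /* The unchecked variant is only ever run on the well-formed value here. */
    printf("KU_GOOD  unchecked: %d\n", key_usage_parse_unchecked(KU_GOOD, sizeof KU_GOOD, &ku));
    return 0;
}
```

The length check alone (nbytes > sizeof out->bits) closes the overflow; the DER checks after it are what a relying party needs so that a non-canonical encoding fails validation cleanly instead of reaching code that assumes canonical input, the failure mode the CVE-2024-45234 entry describes.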