A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd. References: https://github.com/reubenhwk/radvd/issues/100 https://bugzilla.redhat.com/show_bug.cgi?id=1630167 https://bugzilla.redhat.com/show_bug.cgi?id=1668812 Upstream Patch: https://github.com/reubenhwk/radvd/pull/101
Created radvd tracking bugs for this issue: Affects: fedora-all [bug 1669298]
In general, mis-handling of incorrect configuration files does not constitute a security vulnerability. The configuration file for radvd (and most daemons) is trusted input provided by the administrator. The bugs referenced in comment#0 track the fixing of this issue in radvd. No security handling is required.