Register | Log in

fort-validator

RPKI validator and RTR server

Choose email to subscribe with

general

source: fort-validator (main)
version: 1.6.5-1
maintainer: Marco d'Itri (DMD)
arch: any
std-ver: 4.7.0.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.5.3-1~deb11u1
old-sec: 1.5.3-1~deb11u1
old-bpo: 1.5.4-1~bpo11+1
stable: 1.5.4-1
stable-bpo: 1.6.4+20240930-1~bpo12+1
testing: 1.6.5-1
unstable: 1.6.5-1

versioned links

1.5.3-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.4-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.4+20240930-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

fort-validator

action needed

9 security issues in bullseye high

There are 9 open security issues in bullseye.

9 important issues:

CVE-2024-45234: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45235: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45236: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45237: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.
CVE-2024-45238: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45239: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-48943:
CVE-2024-56169: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.
CVE-2024-56170: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

Created: 2024-08-25 Last update: 2025-01-12 07:49

9 security issues in bookworm high

There are 9 open security issues in bookworm.

7 important issues:

CVE-2024-45234: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45235: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45236: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45237: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.
CVE-2024-45238: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45239: An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-48943:

2 issues left for the package maintainer to handle:

CVE-2024-56169: (needs triaging) A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.
CVE-2024-56170: (needs triaging) A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-08-25 Last update: 2025-01-12 07:49

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2024-56169: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.
CVE-2024-56170: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

Created: 2025-01-12 Last update: 2025-01-12 07:49

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-56169: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.
CVE-2024-56170: A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

Created: 2025-01-12 Last update: 2025-01-12 07:49

debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 1.6.5-1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-12-22 10:56

testing migrations

This package will soon be part of the auto-libxml2 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2024-12-27] fort-validator 1.6.5-1 MIGRATED to testing (Debian testing watch)
[2024-12-21] Accepted fort-validator 1.6.5-1 (source) into unstable (Marco d'Itri)
[2024-10-14] Accepted fort-validator 1.6.4+20240930-1~bpo12+1 (source) into stable-backports (Marco d'Itri)
[2024-10-06] fort-validator 1.6.4+20240930-1 MIGRATED to testing (Debian testing watch)
[2024-09-30] Accepted fort-validator 1.6.4+20240930-1 (source) into unstable (Marco d'Itri)
[2024-09-20] Accepted fort-validator 1.6.3-1~bpo12+1 (source) into stable-backports (Marco d'Itri)
[2024-08-28] fort-validator 1.6.3-1 MIGRATED to testing (Debian testing watch)
[2024-08-22] Accepted fort-validator 1.6.3-1 (source) into unstable (Marco d'Itri)
[2024-08-03] fort-validator 1.6.2-1 MIGRATED to testing (Debian testing watch)
[2024-07-29] Accepted fort-validator 1.6.2-1 (source) into unstable (Marco d'Itri)
[2024-01-03] Accepted fort-validator 1.6.1-1~bpo12+2 (source amd64) into stable-backports (Debian FTP Masters) (signed by: Marco d'Itri)
[2023-12-21] fort-validator 1.6.1-1 MIGRATED to testing (Debian testing watch)
[2023-12-16] Accepted fort-validator 1.6.1-1 (source) into unstable (Marco d'Itri)
[2023-02-16] Accepted fort-validator 1.5.4-1~bpo11+1 (source amd64) into bullseye-backports (Debian FTP Masters) (signed by: Marco d'Itri)
[2023-02-13] fort-validator 1.5.4-1 MIGRATED to testing (Debian testing watch)
[2023-02-07] Accepted fort-validator 1.5.4-1 (source) into unstable (Marco d'Itri)
[2022-01-08] Accepted fort-validator 1.5.3-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Marco d'Itri)
[2021-12-30] Accepted fort-validator 1.5.3-1~deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Marco d'Itri)
[2021-11-12] fort-validator 1.5.3-1 MIGRATED to testing (Debian testing watch)
[2021-11-09] Accepted fort-validator 1.5.3-1 (source) into unstable (Marco d'Itri)
[2021-11-03] fort-validator 1.5.2-1 MIGRATED to testing (Debian testing watch)
[2021-10-29] Accepted fort-validator 1.5.2-1 (source) into unstable (Marco d'Itri)
[2021-08-16] fort-validator 1.5.1-1 MIGRATED to testing (Debian testing watch)
[2021-08-09] Accepted fort-validator 1.5.1-1 (source) into unstable (Marco d'Itri)
[2021-02-21] fort-validator 1.5.0-1 MIGRATED to testing (Debian testing watch)
[2021-02-11] Accepted fort-validator 1.5.0-1 (source) into unstable (Marco d'Itri)
[2020-11-01] fort-validator 1.4.2-1 MIGRATED to testing (Debian testing watch)
[2020-10-26] Accepted fort-validator 1.4.2-1 (source) into unstable (Marco d'Itri)
[2020-10-05] fort-validator 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2020-09-29] Accepted fort-validator 1.4.1-1 (source) into unstable (Marco d'Itri)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.6.5-1
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing