UbuntuUpdates.org

Package "quagga"

Name: quagga

Description: BGP/OSPF/RIP routing daemon

Latest version: 0.99.20.1-0ubuntu0.12.04.6
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.quagga.net/

Other versions of "quagga" in Precise

Repository  Area  Version
base        main  0.99.20-3
security    main  0.99.20.1-0ubuntu0.12.04.6

Changelog

Version: 0.99.20.1-0ubuntu0.12.04.6 2016-10-25 15:07:04 UTC

  quagga (0.99.20.1-0ubuntu0.12.04.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via stack overrun in IPv6 RA receive
    code
    - debian/patches/CVE-2016-1245.patch: use proper buffer size in
      zebra/rtadv.c.
    - CVE-2016-1245

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 15:18:52 +0200

Version: 0.99.20.1-0ubuntu0.12.04.5 2016-10-13 15:06:40 UTC

  quagga (0.99.20.1-0ubuntu0.12.04.5) precise-security; urgency=medium

  * SECURITY UPDATE: insecure directory permissions
    - debian/quagga.postinst: set proper directory permissions on
      /etc/quagga, /var/log/quagga, /var/run/quagga.
    - CVE-2016-4036
  * SECURITY UPDATE: denial of service via a large BGP packet
    - debian/patches/dump_fix.patch: create multiple MRT records if there
      is too much data for a prefix in bgpd/bgp_dump.c.
    - debian/patches/stream_set_endp.patch: backport stream_set_endp.
    - CVE-2016-4049

 -- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 16:05:00 -0400

CVE-2016-4036 The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows loca
CVE-2016-4049 The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to

Version: 0.99.20.1-0ubuntu0.12.04.4 2016-03-24 15:06:48 UTC

  quagga (0.99.20.1-0ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via a large LSA
    - debian/patches/CVE-2013-2236.patch: sanity check lengths in
      ospfd/ospf_api.c.
    - CVE-2013-2236
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    Labeled-VPN SAFI and crafted packet
    - debian/patches/CVE-2016-2342.patch: sanity check lengths in
      bgpd/bgp_mplsvpn.c.
    - CVE-2016-2342

 -- Marc Deslauriers <email address hidden> Wed, 23 Mar 2016 08:16:40 -0400

CVE-2013-2236 Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-
CVE-2016-2342 The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration

Version: 0.99.20.1-0ubuntu0.12.04.3 2012-10-11 20:07:06 UTC

  quagga (0.99.20.1-0ubuntu0.12.04.3) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed ORF capability TLV
    (LP: #1018052)
    - debian/patches/CVE-2012-1820.patch: correctly follow spec in
      bgpd/bgp_open.c.
    - CVE-2012-1820

 -- Marc Deslauriers <email address hidden> Thu, 11 Oct 2012 09:57:06 -0400

1018052 quagga security issue CVE-2012-1820
CVE-2012-1820 The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and d

Version: 0.99.20.1-0ubuntu0.12.04.2 2012-05-15 15:06:52 UTC

  quagga (0.99.20.1-0ubuntu0.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues
    (LP: #994169)
    - Denial of service via short Link State Update packet
    - Denial of service via short network-LSA link-state advertisement
    - Denial of service via malformed Four-octet AS Number Capability
    - CVE-2012-0249
    - CVE-2012-0250
    - CVE-2012-0255
  * debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
    added fix for a bgpd memory leak related to extra attributes. Thanks to
    Debian for the regression fix.

 -- Marc Deslauriers <email address hidden> Sat, 05 May 2012 17:00:30 -0400

994169 quagga security update tracking bug
CVE-2012-0249 Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote a
CVE-2012-0250 Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) v
CVE-2012-0255 The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to ca
