UbuntuUpdates.org

Package "quagga-doc"

Name: quagga-doc

Description:

documentation files for quagga

Latest version: 0.99.24.1-2ubuntu1.4
Release: xenial (16.04)
Level: security
Repository: main
Head package: quagga
Homepage: http://www.quagga.net/

Links


Download "quagga-doc"


Other versions of "quagga-doc" in Xenial

Repository Area Version
base main 0.99.24.1-2ubuntu1
updates main 0.99.24.1-2ubuntu1.4

Changelog

Version: 0.99.24.1-2ubuntu1.4 2018-02-20 21:07:47 UTC

  quagga (0.99.24.1-2ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via double-free
    - debian/patches/Quagga-2018-1114.patch: fix double-free in
      bgpd/bgp_attr.c, bgpd/bgp_attr.h.
    - No CVE number
  * SECURITY UPDATE: code-to-string conversion table overrun
    - debian/patches/Quagga-2018-1550.patch: limit size in
      bgpd/bgp_debug.c.
    - No CVE number
  * SECURITY UPDATE: hang via invalid OPEN message
    - debian/patches/Quagga-2018-1975.patch: fix infinite loop in
      bgpd/bgp_packet.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 07 Feb 2018 07:34:42 -0500

Source diff to previous version

Version: 0.99.24.1-2ubuntu1.3 2017-10-31 19:07:12 UTC

  quagga (0.99.24.1-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via telnet CLI
    - debian/patches/CVE-2017-5495-1.patch: limit size of vty buffer to
      4096 bytes in lib/command.c, lib/vty.c, lib/vty.h, vtysh/vtysh.c.
    - debian/patches/CVE-2017-5495-2.patch: ensure vty buf is nul
      terminated and wrap puts to it with checks in lib/vty.c.
    - CVE-2017-5495
  * SECURITY UPDATE: DoS via BGP UPDATE messages
    - debian/patches/CVE-2017-16227.patch: fix AS_PATH size calculation for
      long paths in bgpd/bgp_aspath.c.
    - CVE-2017-16227

 -- Marc Deslauriers <email address hidden> Mon, 30 Oct 2017 10:25:44 -0400

Source diff to previous version
CVE-2017-5495 All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service
CVE-2017-16227 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDAT

Version: 0.99.24.1-2ubuntu1.2 2016-10-25 14:06:34 UTC

  quagga (0.99.24.1-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via stack overrun in IPv6 RA receive
    code
    - debian/patches/CVE-2016-1245.patch: use proper buffer size in
      zebra/rtadv.c.
    - CVE-2016-1245

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 15:17:55 +0200

Source diff to previous version

Version: 0.99.24.1-2ubuntu1.1 2016-10-13 13:06:38 UTC

  quagga (0.99.24.1-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: insecure directory permissions
    - debian/quagga.postinst: set proper directory permissions on
      /etc/quagga, /var/log/quagga, /var/run/quagga.
    - CVE-2016-4036
  * SECURITY UPDATE: denial of service via a large BGP packet
    - debian/patches/dump_fix.patch: create multiple MRT records if there
      is too much data for a prefix in bgpd/bgp_dump.c.
    - CVE-2016-4049

 -- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 15:58:30 -0400

CVE-2016-4036 The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows loca
CVE-2016-4049 The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to



About   -   Send Feedback to @ubuntu_updates