Package "quagga-dbg"
Name: quagga-dbg
Description: BGP/OSPF/RIP routing daemon (debug symbols)
Latest version: 0.99.20.1-0ubuntu0.12.04.6
Release: precise (12.04)
Level: security
Repository: main
Head package: quagga
Homepage: http://www.quagga.net/
Changelog
quagga (0.99.20.1-0ubuntu0.12.04.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via stack overrun in IPv6 RA receive
code
- debian/patches/CVE-2016-1245.patch: use proper buffer size in
zebra/rtadv.c.
- CVE-2016-1245
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 15:18:52 +0200
quagga (0.99.20.1-0ubuntu0.12.04.5) precise-security; urgency=medium
* SECURITY UPDATE: insecure directory permissions
- debian/quagga.postinst: set proper directory permissions on
/etc/quagga, /var/log/quagga, /var/run/quagga.
- CVE-2016-4036
* SECURITY UPDATE: denial of service via a large BGP packet
- debian/patches/dump_fix.patch: create multiple MRT records if there
is too much data for a prefix in bgpd/bgp_dump.c.
- debian/patches/stream_set_endp.patch: backport stream_set_endp.
- CVE-2016-4049
-- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 16:05:00 -0400
CVE-2016-4036: The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows loca
CVE-2016-4049: The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to
quagga (0.99.20.1-0ubuntu0.12.04.4) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via a large LSA
- debian/patches/CVE-2013-2236.patch: sanity check lengths in
ospfd/ospf_api.c.
- CVE-2013-2236
* SECURITY UPDATE: denial of service or arbitrary code execution via
Labeled-VPN SAFI and crafted packet
- debian/patches/CVE-2016-2342.patch: sanity check lengths in
bgpd/bgp_mplsvpn.c.
- CVE-2016-2342
-- Marc Deslauriers <email address hidden> Wed, 23 Mar 2016 08:16:40 -0400
CVE-2013-2236: Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-
CVE-2016-2342: The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration
quagga (0.99.20.1-0ubuntu0.12.04.3) precise-security; urgency=low
* SECURITY UPDATE: denial of service via malformed ORF capability TLV
(LP: #1018052)
- debian/patches/CVE-2012-1820.patch: correctly follow spec in
bgpd/bgp_open.c.
- CVE-2012-1820
-- Marc Deslauriers <email address hidden> Thu, 11 Oct 2012 09:57:06 -0400
LP: #1018052: quagga security issue CVE-2012-1820
CVE-2012-1820: The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and d
quagga (0.99.20.1-0ubuntu0.12.04.2) precise-security; urgency=low
* SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues
(LP: #994169)
- Denial of service via short Link State Update packet
- Denial of service via short network-LSA link-state advertisement
- Denial of service via malformed Four-octet AS Number Capability
- CVE-2012-0249
- CVE-2012-0250
- CVE-2012-0255
* debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
added fix for a bgpd memory leak related to extra attributes. Thanks to
Debian for the regression fix.
-- Marc Deslauriers <email address hidden> Sat, 05 May 2012 17:00:30 -0400
LP: #994169: quagga security update tracking bug
CVE-2012-0249: Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote a
CVE-2012-0250: Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) v
CVE-2012-0255: The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to ca