Ubuntu
quagga package

quagga in dapper/edgy/feisty are vulnerable to malformed community string in bgpd

Bug #139569 reported by Stephan Rügamer
254
Affects Status Importance Assigned to Milestone
quagga (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: quagga

Dear Colleagues,

quagga in dapper/edgy/feisty are vulnerable to a malformed community string in configured neighbours.
References:

CVE-2007-4826
http://www.quagga.net/news2.php?y=2007&m=9&d=7#id1189190760

I'll attach security update debdiffs to the version of dapper/edgy/feisty.

Regarding gutsy there is an UVE requested to update to 0.99.9 see: https://bugs.launchpad.net/ubuntu/+source/quagga/+bug/139376

Regards,

\sh

Revision history for this message
Stephan Rügamer (sruegamer) wrote :
Revision history for this message
Stephan Rügamer (sruegamer) wrote :
Revision history for this message
Stephan Rügamer (sruegamer) wrote :
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

quagga (0.99.6-2ubuntu3.2) feisty-security; urgency=low

  * SECURITY UPDATE: A bgpd could be crashed if a peer sent a malformed
    OPEN message or a malformed COMMUNITY attribute. Only configured peers can
    do this.
  * debian/patches/92_ubuntu_fix_dos_malformed_community.dpatch: patch to fix
    the DoS. Latest unstable debian package is 0.99.9 which fixes this
    upstream
  * References: (LP: #139569)
    CVE-2007-4826

 -- Stephan Hermann <email address hidden> Fri, 14 Sep 2007 14:31:48 +0200

Changed in quagga:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.