quagga in dapper/edgy/feisty are vulnerable to malformed community string in bgpd
Bug #139569 reported by
Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
quagga (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: quagga
Dear Colleagues,
quagga in dapper/edgy/feisty are vulnerable to a malformed community string in configured neighbours.
References:
CVE-2007-4826
http://
I'll attach security update debdiffs to the version of dapper/edgy/feisty.
Regarding gutsy there is an UVE requested to update to 0.99.9 see: https:/
Regards,
\sh
CVE References
To post a comment you must log in.
quagga (0.99.6-2ubuntu3.2) feisty-security; urgency=low
* SECURITY UPDATE: A bgpd could be crashed if a peer sent a malformed patches/ 92_ubuntu_ fix_dos_ malformed_ community. dpatch: patch to fix
OPEN message or a malformed COMMUNITY attribute. Only configured peers can
do this.
* debian/
the DoS. Latest unstable debian package is 0.99.9 which fixes this
upstream
* References: (LP: #139569)
CVE-2007-4826
-- Stephan Hermann <email address hidden> Fri, 14 Sep 2007 14:31:48 +0200