Ubuntu
quagga package

quagga: Assertion `len < str_size' failed in file bgp_aspath.c, line 619

Bug #372757 reported by Nick Lowe
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
quagga (Debian)
Fix Released
Unknown
quagga (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Fix Released
Low
Kees Cook
Hardy
Fix Released
Low
Kees Cook
Intrepid
Fix Released
Low
Kees Cook
Jaunty
Fix Released
Low
Kees Cook
Karmic
Fix Released
Undecided
Unassigned
Revision history for this message
Nick Lowe (nick-int-r) wrote :

http://secunia.com/advisories/34999/

visibility: private → public
Revision history for this message
Nick Lowe (nick-int-r) wrote :

http://lists.debian.org/debian-security-announce/2009/msg00099.html

Bug Watch Updater (bug-watch-updater)
Changed in quagga (Debian):
status: Unknown → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

Fixed in Karmic in 0.99.11-2

Changed in quagga (Ubuntu Karmic):
status: New → Fix Released
Changed in quagga (Ubuntu Dapper):
status: New → Fix Committed
importance: Undecided → Low
assignee: nobody → Kees Cook (kees)
Changed in quagga (Ubuntu Hardy):
status: New → Fix Committed
importance: Undecided → Low
assignee: nobody → Kees Cook (kees)
Changed in quagga (Ubuntu Intrepid):
status: New → Fix Committed
importance: Undecided → Low
assignee: nobody → Kees Cook (kees)
Changed in quagga (Ubuntu Jaunty):
status: New → Fix Committed
importance: Undecided → Low
assignee: nobody → Kees Cook (kees)
Revision history for this message
Kees Cook (kees) wrote :

CVE-2009-1572

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quagga - 0.99.9-2ubuntu1.2

---------------
quagga (0.99.9-2ubuntu1.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service with multiple AS numbers.
    - debian/patches/99_as4-crash-fix.dpatch: backported upstream fixes
      thanks to Chris Caputo and Florian Weimer.
    - CVE-2009-1572 (LP: #372757)

 -- Kees Cook <email address hidden> Wed, 06 May 2009 11:14:39 -0700

Changed in quagga (Ubuntu Hardy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quagga - 0.99.9-6ubuntu0.1

---------------
quagga (0.99.9-6ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service with multiple AS numbers.
    - debian/patches/99_as4-crash-fix.dpatch: backported upstream fixes
      thanks to Chris Caputo and Florian Weimer.
    - CVE-2009-1572 (LP: #372757)

 -- Kees Cook <email address hidden> Wed, 06 May 2009 11:14:39 -0700

Changed in quagga (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quagga - 0.99.11-1ubuntu0.1

---------------
quagga (0.99.11-1ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service with multiple AS numbers.
    - debian/patches/99_as4-crash-fix.dpatch: upstream fixes thanks
      to Chris Caputo and Florian Weimer.
    - CVE-2009-1572 (LP: #372757)
  * debian/patches/99_fix-convert-dither.dpatch: fix FTBFS due to
    ImageMagick changes, thanks to Florian Weimer.

 -- Kees Cook <email address hidden> Wed, 06 May 2009 11:14:39 -0700

Changed in quagga (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

http://www.ubuntu.com/usn/usn-775-2

Changed in quagga (Ubuntu Dapper):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.