Branches for Maverick

Name Status Last Modified Last Commit
lp:ubuntu/maverick/quagga 2 Mature 2010-08-25 00:52:48 UTC
24. SECURITY: "This release provides two ...

Author: Christian Hammers
Revision Date: 2010-08-25 00:52:48 UTC

SECURITY:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team.":
1. Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948
2. DoS (crash) while processing certain BGP update AS path messages
CVE-2010-2949
Closes: #594262

lp:ubuntu/maverick-security/quagga 2 Mature 2011-10-07 10:19:05 UTC
26. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2011-10-07 10:19:05 UTC

* SECURITY UPDATE: arbitrary code execution via malformed Inter Area
  Prefix LSA
  - debian/patches/99_CVE-2011-3323.dpatch: check lengths in
    ospf6d/{ospf6_abr.h,ospf6_asbr.h,ospf6_intra.h,ospf6_lsa.h,
    ospf6_message.c,ospf6_message.h,ospf6_proto.h}
  - CVE-2011-3323
* SECURITY UPDATE: denial of service via crafted Link-State-Advertisement
  - debian/patches/99_CVE-2011-3324.dpatch: change assert to warning in
    ospf6d/ospf6_lsa.c.
  - CVE-2011-3324
* SECURITY UPDATE: denial of service via crafted Hello packet
  - debian/patches/99_CVE-2011-3325.dpatch: add extra checks to
    ospfd/ospf_packet.c.
  - CVE-2011-3325
* SECURITY UPDATE: denial of service via unknown Link-State-Advertisements
  types
  - debian/patches/99_CVE-2011-3326.dpatch: exit if LSA type is unknown
    in ospfd/ospf_flood.c.
  - CVE-2011-3326
* SECURITY UPDATE: arbitrary code execution via Extended Communities path
  attribute
  - debian/patches/99_CVE-2011-3327.dpatch: properly check size in
    bgpd/bgp_ecommunity.c.
  - CVE-2011-3327

lp:ubuntu/maverick-updates/quagga 2 Mature 2011-10-07 10:19:05 UTC
26. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2011-10-07 10:19:05 UTC

* SECURITY UPDATE: arbitrary code execution via malformed Inter Area
  Prefix LSA
  - debian/patches/99_CVE-2011-3323.dpatch: check lengths in
    ospf6d/{ospf6_abr.h,ospf6_asbr.h,ospf6_intra.h,ospf6_lsa.h,
    ospf6_message.c,ospf6_message.h,ospf6_proto.h}
  - CVE-2011-3323
* SECURITY UPDATE: denial of service via crafted Link-State-Advertisement
  - debian/patches/99_CVE-2011-3324.dpatch: change assert to warning in
    ospf6d/ospf6_lsa.c.
  - CVE-2011-3324
* SECURITY UPDATE: denial of service via crafted Hello packet
  - debian/patches/99_CVE-2011-3325.dpatch: add extra checks to
    ospfd/ospf_packet.c.
  - CVE-2011-3325
* SECURITY UPDATE: denial of service via unknown Link-State-Advertisements
  types
  - debian/patches/99_CVE-2011-3326.dpatch: exit if LSA type is unknown
    in ospfd/ospf_flood.c.
  - CVE-2011-3326
* SECURITY UPDATE: arbitrary code execution via Extended Communities path
  attribute
  - debian/patches/99_CVE-2011-3327.dpatch: properly check size in
    bgpd/bgp_ecommunity.c.
  - CVE-2011-3327
