lp:ubuntu/dapper-security/quagga
- Get this branch:
- bzr branch lp:ubuntu/dapper-security/quagga
Branch merges
Branch information
Recent revisions
- 11. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via malformed extended communities
- debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
communities in bgpd/bgp_attr.c.
- CVE-2010-1674
- 10. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via malformed Outbound Route Filtering (ORF) record
- debian/patches/93_CVE-2010-2948.dpatch: improve bounds checking in
bgpd/bgp_packet.c.
- CVE-2010-2948
* SECURITY UPDATE: denial of service via unknown AS type
- debian/patches/93_CVE-2010-2949.dpatch: check segment types and
lengths in bgpd/bgp_aspath.c.
- CVE-2010-2949
- 9. By Kees Cook
-
SECURITY UPDATE: fix regressions introduced by back-ported
4-byte ASN patch (LP: #384193).
- 8. By Kees Cook
-
* SECURITY UPDATE: denial of service with multiple AS numbers.
- debian/patches/99_as4-crash-fix.dpatch: backported upstream fixes
thanks to Chris Caputo and Florian Weimer.
- CVE-2009-1572 (LP: #372757)
- 7. By Stephan Rügamer
-
* SECURITY UPDATE: A bgpd could be crashed if a peer sent a malformed
OPEN message or a malformed COMMUNITY attribute. Only configured peers can
do this.
* debian/patches/92_ubuntu_fix_dos_malformed_community.dpatch: patch to fix
the DoS. Latest unstable debian package is 0.99.9 which fixes this
upstream
* References: (LP: #139569)
CVE-2007-4826
- 6. By Kees Cook
-
* SECURITY UPDATE: configured peers can cause denial of service.
* debian/patches/91_fix_peer_assert.dpatch: upstream fixes via Debian.
* References
CVE-2007-1995
- 5. By Martin Pitt
-
* SECURITY UPDATE: Remote route injection, authentication bypass, remote
DoS.
* Add debian/patches/81_ripv1_injection.dpatch:
- When RIPv2 authentication is required, disable RIPv1 or require
authentication as well (remote attackers could get routing information
by sending RIPv1 requests). [CVE-2006-2223]
- Enforce RIPv2 authentication requirements (remote attackers could
modify routing state via RIPv1 RESPONSE packets). [CVE-2006-2224]
- Patch taken from CVS head, see
http://bugzilla.quagga.net/show_bug.cgi?id=262
* Add debian/patches/82_sh_ip_bgp_loop.dpatch:
- Fix infinite loop with special invalid 'sh ip bgp' command.
[CVE-2006-2276]
- Patch ported from 0.99.4.
- 4. By Scott James Remnant (Canonical)
-
Create /var/run/quagga with the correct permissions, missed as it's
hidden in a very messy preinst
- 3. By Scott James Remnant (Canonical)
-
Create /var/run/quagga in the init script if it doesn't exist.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/quagga