lp:ubuntu/dapper-security/quagga

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-security/quagga
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

11. By Marc Deslauriers

* SECURITY UPDATE: denial of service via malformed extended communities
  - debian/patches/99_quagga-extcom.dpatch: ignore malformed extended
    communities in bgpd/bgp_attr.c.
  - CVE-2010-1674

10. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed Outbound Route Filtering (ORF) record
  - debian/patches/93_CVE-2010-2948.dpatch: improve bounds checking in
    bgpd/bgp_packet.c.
  - CVE-2010-2948
* SECURITY UPDATE: denial of service via unknown AS type
  - debian/patches/93_CVE-2010-2949.dpatch: check segment types and
    lengths in bgpd/bgp_aspath.c.
  - CVE-2010-2949

9. By Kees Cook

SECURITY UPDATE: fix regressions introduced by back-ported
4-byte ASN patch (LP: #384193).

8. By Kees Cook

* SECURITY UPDATE: denial of service with multiple AS numbers.
  - debian/patches/99_as4-crash-fix.dpatch: backported upstream fixes
    thanks to Chris Caputo and Florian Weimer.
  - CVE-2009-1572 (LP: #372757)

7. By Stephan Rügamer

* SECURITY UPDATE: A bgpd could be crashed if a peer sent a malformed
  OPEN message or a malformed COMMUNITY attribute. Only configured peers can
  do this.
* debian/patches/92_ubuntu_fix_dos_malformed_community.dpatch: patch to fix
  the DoS. Latest unstable debian package is 0.99.9 which fixes this
  upstream
* References: (LP: #139569)
  CVE-2007-4826

6. By Kees Cook

* SECURITY UPDATE: configured peers can cause denial of service.
* debian/patches/91_fix_peer_assert.dpatch: upstream fixes via Debian.
* References
  CVE-2007-1995

5. By Martin Pitt

* SECURITY UPDATE: Remote route injection, authentication bypass, remote
  DoS.
* Add debian/patches/81_ripv1_injection.dpatch:
  - When RIPv2 authentication is required, disable RIPv1 or require
    authentication as well (remote attackers could get routing information
    by sending RIPv1 requests). [CVE-2006-2223]
  - Enforce RIPv2 authentication requirements (remote attackers could
    modify routing state via RIPv1 RESPONSE packets). [CVE-2006-2224]
  - Patch taken from CVS head, see
    http://bugzilla.quagga.net/show_bug.cgi?id=262
* Add debian/patches/82_sh_ip_bgp_loop.dpatch:
  - Fix infinite loop with special invalid 'sh ip bgp' command.
    [CVE-2006-2276]
  - Patch ported from 0.99.4.

4. By Scott James Remnant (Canonical)

Create /var/run/quagga with the correct permissions, missed as it's
hidden in a very messy preinst

3. By Scott James Remnant (Canonical)

Create /var/run/quagga in the init script if it doesn't exist.

2. By Christian Hammers

New upstream release
Closes: #330248, #175553

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/quagga
This branch contains Public information 