quagga 0.99.20.1-0+squeeze5 source package in Debian
Changelog
quagga (0.99.20.1-0+squeeze5) oldstable-security; urgency=high * SECURITY: ospfd: CVE-2013-2236, stack overrun in apiserver the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads to an exploitable stack overflow. For this condition to occur, the following two conditions must be true: - Quagga is configured with --enable-opaque-lsa - ospfd is started with the "-a" command line option Closes: #726724 * Re-upload with corrected distribution. -- Christian Hammers <email address hidden> Sun, 24 Nov 2013 15:41:48 +0100
Upload details
- Uploaded by:
- Christian Hammers
- Uploaded to:
- Squeeze
- Original maintainer:
- Christian Hammers
- Architectures:
- any
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Squeeze | release | main | net |
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
quagga_0.99.20.1-0+squeeze5.dsc | 1.4 KiB | 95ac84cd02f7d51e8590477cde24944fdb4d3e17f364d104fe6d8f114e20871b |
quagga_0.99.20.1.orig.tar.bz2 | 1.7 MiB | 706eb760604e83a71c66591b7244cb497740334e2f16c42a8112036771ba0a0c |
quagga_0.99.20.1-0+squeeze5.debian.tar.gz | 39.1 KiB | 872a260504691cba82c3fc8c7dc4c70081c6aa9a6bd7666a495465e69854d8e5 |
No changes file available.