quagga 0.99.20.1-0+squeeze5 source package in Debian
Changelog
quagga (0.99.20.1-0+squeeze5) oldstable-security; urgency=high
* SECURITY:
ospfd: CVE-2013-2236, stack overrun in apiserver
the OSPF API-server (exporting the LSDB and allowing announcement of
Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
to an exploitable stack overflow.
For this condition to occur, the following two conditions must be true:
- Quagga is configured with --enable-opaque-lsa
- ospfd is started with the "-a" command line option
Closes: #726724
* Re-upload with corrected distribution.
-- Christian Hammers <email address hidden> Sun, 24 Nov 2013 15:41:48 +0100
Upload details
- Uploaded by:
- Christian Hammers
- Uploaded to:
- Squeeze
- Original maintainer:
- Christian Hammers
- Architectures:
- any
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Squeeze | release | main | net |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| quagga_0.99.20.1-0+squeeze5.dsc | 1.4 KiB | 95ac84cd02f7d51e8590477cde24944fdb4d3e17f364d104fe6d8f114e20871b |
| quagga_0.99.20.1.orig.tar.bz2 | 1.7 MiB | 706eb760604e83a71c66591b7244cb497740334e2f16c42a8112036771ba0a0c |
| quagga_0.99.20.1-0+squeeze5.debian.tar.gz | 39.1 KiB | 872a260504691cba82c3fc8c7dc4c70081c6aa9a6bd7666a495465e69854d8e5 |
No changes file available.
