Change logs for quagga source package in Lenny

  • quagga (0.99.10-1lenny6) lenny-security; urgency=high
    
    
      * SECURITY:
        This is a backport of the security patches of Quagga 0.99.19 and 0.99.20:
        - The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
          IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
          modified Database Description and Link State Update messages,
          respectively, can result in denial of service in IPv6 routing.
        - The vulnerability CVE-2011-3325 is a denial of service vulnerability
          related to Hello message handling by the OSPF service. As Hello messages
          are used to initiate adjacencies, exploiting the vulnerability may be 
          feasible from the same broadcast domain without an established adjacency.
          A malformed packet may result in denial of service in IPv4 routing. 
        - The vulnerability CVE-2011-3326 results from the handling of LSA (Link 
          State Advertisement) states in the OSPF service. Receiving a modified
          Link State Update message with malicious state information can result in
          denial of service in IPv4 routing.
        - The vulnerability CVE-2011-3327 is related to the extended communities
          handling in BGP messages. Receiving a malformed BGP update can result in
          a buffer overflow and disruption of IPv4 routing.
    
     -- Florian Weimer <email address hidden>  Sun, 02 Oct 2011 14:28:25 +0200
  • quagga (0.99.10-1lenny5) oldstable-security; urgency=high
    
    
      * Fix crash in Extended Communities handling (CVE-2010-1674)
      * Remove support for AS_PATHLIMIT (CVE-2010-1675)
      * Fix format string issue in vty_hello
    
     -- Florian Weimer <email address hidden>  Mon, 21 Mar 2011 06:21:32 +0100
  • quagga (0.99.10-1lenny3) stable-security; urgency=high
    
    
      * 99_segment_type_check: fix bgpd crash on invalid segment type
        (CVE-2010-2949)
      * 99_fix_confederation-1, 99_fix_confederation-2: fix confederations
        handling in bgpd, addressing a session reset issue
      * 99_route_refresh: tighten bounds checking in RR ORF msg reader
        (CVE-2010-2948)
    
     -- Florian Weimer <email address hidden>  Thu, 02 Sep 2010 21:04:48 +0200
  • quagga (0.99.10-1lenny2) stable-security; urgency=high
    
    
      * Apply patch from Chris Caputo to fix crash on certain AS4 BGP updates.
    
     -- Florian Weimer <email address hidden>  Mon, 04 May 2009 09:35:11 +0200
  • quagga (0.99.10-1lenny1) testing-proposed-updates; urgency=low
    
    
      * Fixed bug that caused routes which were added externally, e.g. by 
        "ip route add", to be ignored by Quagga (thanks to Hannes Schulz).
        Closes: #495232
    
     -- Christian Hammers <email address hidden>  Sun, 04 Jan 2009 20:08:28 +0100
  • quagga (0.99.10-1) unstable; urgency=medium
    
    
      * New upstream release
        + bgpd: 4-Byte AS Number support
        + Sessions were incorrectly reset if a partial AS-Pathlimit attribute
          was received.
        + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been 
          broken in the 0.99.9 release. Closes: #467656
    
     -- Christian Hammers <email address hidden>  Tue, 08 Jul 2008 23:32:42 +0200