quagga 0.99.22.4-1 source package in Ubuntu
Changelog
quagga (0.99.22.4-1) unstable; urgency=high
* SECURITY:
"ospfd: CVE-2013-2236, stack overrun in apiserver
the OSPF API-server (exporting the LSDB and allowing announcement of
Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
to an exploitable stack overflow.
For this condition to occur, the following two conditions must be true:
- Quagga is configured with --enable-opaque-lsa
- ospfd is started with the "-a" command line option
If either of these does not hold, the relevant code is not executed and
the issue does not get triggered."
Closes: #726724
* New upstream release
- ospfd: protect vs. VU#229804 (malformed Router-LSA)
(Quagga is said to be non-vulnerable but still adds some protection)
-- Christian Hammers <email address hidden> Thu, 24 Oct 2013 22:58:37 +0200
Upload details
- Uploaded by:
- Christian Hammers
- Uploaded to:
- Sid
- Original maintainer:
- Christian Hammers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| quagga_0.99.22.4-1.dsc | 1.4 KiB | 55119296a031d02927069f08ee04a0818c482c276fdfcbcdcaecb35f4fb040d5 |
| quagga_0.99.22.4.orig.tar.gz | 2.2 MiB | cbe48d5cc57bbaa07cfd8362ba598447dc94aa866ddc5794e57172709d36ba79 |
| quagga_0.99.22.4-1.debian.tar.gz | 38.8 KiB | 64e2ca7fc664f606f6ffba38400639a8be05f4d623f43c260a6ba27f6e6f89dc |
Available diffs
- diff from 0.99.22.1-2 to 0.99.22.4-1 (10.7 KiB)
No changes file available.
Binary packages built by this source
- quagga: BGP/OSPF/RIP routing daemon
GNU Quagga is free software which manages TCP/IP based routing protocols.
It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as
well as the IPv6 versions of these.
.
As the predecessor Zebra has been considered orphaned, the Quagga project
has been formed by members of the zebra mailing list and the former
zebra-pj project to continue developing.
.
Quagga uses threading if the kernel supports it, but can also run on
kernels that do not support threading. Each protocol has its own daemon.
.
It is more than a routed replacement, it can be used as a Route Server and
a Route Reflector.
- quagga-dbg: BGP/OSPF/RIP routing daemon (debug symbols)
This package provides debugging symbols for all binary packages built from
quagga source package. It's highly recommended to have this package installed
before reporting any Quagga crashes to either Quagga developers or Debian
package maintainers.
- quagga-doc: documentation files for quagga
This package includes info files for quagga, a free software which manages
TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3,
IS-IS, RIPv1, RIPv2, and RIPng as well as the IPv6 versions of these.
