quagga 0.99.22.4-1 source package in Debian

Changelog

quagga (0.99.22.4-1) unstable; urgency=high


  * SECURITY:
    "ospfd: CVE-2013-2236, stack overrun in apiserver

    the OSPF API-server (exporting the LSDB and allowing announcement of
    Opaque-LSAs) writes past the end of fixed on-stack buffers.  This leads
    to an exploitable stack overflow.
 
    For this condition to occur, the following two conditions must be true:
    - Quagga is configured with --enable-opaque-lsa
    - ospfd is started with the "-a" command line option
    
    If either of these does not hold, the relevant code is not executed and
    the issue does not get triggered."
    Closes: #726724
   
  * New upstream release
    - ospfd: protect vs. VU#229804 (malformed Router-LSA)
      (Quagga is said to be non-vulnerable but still adds some protection)

 -- Christian Hammers <email address hidden>  Thu, 24 Oct 2013 22:58:37 +0200

Upload details

Uploaded by: Christian Hammers
Uploaded to: Sid
Original maintainer: Christian Hammers
Architectures: any all
Section: net
Urgency: Very Urgent


Downloads

File Size SHA-256 Checksum
quagga_0.99.22.4-1.dsc 1.4 KiB 55119296a031d02927069f08ee04a0818c482c276fdfcbcdcaecb35f4fb040d5
quagga_0.99.22.4.orig.tar.gz 2.2 MiB cbe48d5cc57bbaa07cfd8362ba598447dc94aa866ddc5794e57172709d36ba79
quagga_0.99.22.4-1.debian.tar.gz 38.8 KiB 64e2ca7fc664f606f6ffba38400639a8be05f4d623f43c260a6ba27f6e6f89dc
