diff -u quagga-0.99.6/debian/changelog quagga-0.99.6/debian/changelog
--- quagga-0.99.6/debian/changelog
+++ quagga-0.99.6/debian/changelog
@@ -1,3 +1,16 @@
+quagga (0.99.6-2ubuntu3.2) feisty-security; urgency=low
+
+  * SECURITY UPDATE: A bgpd could be crashed if a peer sent a malformed
+    OPEN message or a malformed COMMUNITY attribute. Only configured peers can
+    do this.
+  * debian/patches/92_ubuntu_fix_dos_malformed_community.dpatch: patch to fix
+    the DoS. Latest unstable debian package is 0.99.9 which fixes this
+    upstream
+  * References: (LP: #139569)
+    CVE-2007-4826
+
+ -- Stephan Hermann  Fri, 14 Sep 2007 14:31:48 +0200
+
 quagga (0.99.6-2ubuntu3.1) feisty-security; urgency=low
 
   * SECURITY UPDATE: configured peers can cause denial of service.
only in patch2:
unchanged:
--- quagga-0.99.6.orig/debian/patches/92_ubuntu_fix_dos_malformed_community.dpatch
+++ quagga-0.99.6/debian/patches/92_ubuntu_fix_dos_malformed_community.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 92_ubuntu_fix_dos_malformed_community.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad quagga-0.99.2~/bgpd/bgp_attr.c quagga-0.99.2/bgpd/bgp_attr.c
+--- quagga-0.99.2~/bgpd/bgp_attr.c	2005-09-10 18:55:02.000000000 +0200
++++ quagga-0.99.2/bgpd/bgp_attr.c	2007-09-14 11:43:32.192739650 +0200
+@@ -853,8 +853,11 @@
+ bgp_attr_community (struct peer *peer, bgp_size_t length,
+ 		    struct attr *attr, u_char flag)
+ {
+-  if (length == 0)
++  if (length == 0)
++    {
+       attr->community = NULL;
++      return 0;
++    }
+   else
+     {
+       attr->community =
+diff -urNad quagga-0.99.2~/bgpd/bgp_community.c quagga-0.99.2/bgpd/bgp_community.c
+--- quagga-0.99.2~/bgpd/bgp_community.c	2005-06-28 14:44:16.000000000 +0200
++++ quagga-0.99.2/bgpd/bgp_community.c	2007-09-14 11:45:12.198438650 +0200
+@@ -206,6 +206,9 @@
+   u_int16_t as;
+   u_int16_t val;
+ 
++  if (!com)
++    return NULL;
++
+   /* When communities attribute is empty. */
+   if (com->size == 0)
+     {
+@@ -377,6 +380,9 @@
+ char *
+ community_str (struct community *com)
+ {
++  if (!com)
++    return NULL;
++
+   if (! com->str)
+     com->str = community_com2str (com);
+   return com->str;
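Review bot: The dpatch only hardens COMMUNITY handling in bgp_attr.c and bgp_community.c, while the changelog entry in the same upload lists a malformed OPEN message as a second crash trigger for CVE-2007-4826; either a hunk for the OPEN parser is missing from this patch or the changelog overstates what is fixed, and this should be reconciled before the upload ships. The early `return 0;` added to bgp_attr_community skips whatever follows the if/else (the function body continues outside the hunk), presumably the step that marks the attribute as present, so a comment such as `/* Zero-length COMMUNITY: leave attr->community NULL and skip the common tail so nothing later treats it as set */` would record why the empty case now leaves before the rest of the function. The `if (!com) return NULL;` guards in community_com2str and community_str hand a NULL back to callers that previously received a string, so any caller that passes the result straight to a `%s` format or `strlen` should be checked rather than assumed safe. The header still reads `## DP: No description.`; `## DP: Fix bgpd DoS on zero-length COMMUNITY attribute (CVE-2007-4826)` would tell the next maintainer what this security patch is for.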