Ubuntu
quagga package

quagga security update tracking bug

Precise (12.04)
Bug #994169

Bug #994169 reported by Marc Deslauriers on 2012-05-03

258

This bug affects 1 person

	Status	Importance	Assigned to
quagga (Ubuntu)	Fix Released	Medium	Unassigned
Lucid	Fix Released	Medium	Marc Deslauriers
Natty	Fix Released	Medium	Marc Deslauriers
Oneiric	Fix Released	Medium	Marc Deslauriers
Precise	Fix Released	Medium	Marc Deslauriers
Quantal	Fix Released	Medium	Unassigned

Bug Description

This bug is for tracking the quagga security update:

    - Denial of service via short Link State Update packet
    - Denial of service via short network-LSA link-state advertisement
    - Denial of service via malformed Four-octet AS Number Capability
    - CVE-2012-0249
    - CVE-2012-0250
    - CVE-2012-0255

Related branches

lp:ubuntu/natty-security/quagga

lp:ubuntu/lucid-security/quagga

lp:ubuntu/precise-security/quagga

lp:ubuntu/oneiric-security/quagga

CVE References

Marc Deslauriers (mdeslaur) on 2012-05-03

visibility:	private → public
Changed in quagga (Ubuntu Quantal):
status:	New → Fix Released
Changed in quagga (Ubuntu Lucid):
status:	New → Confirmed
Changed in quagga (Ubuntu Natty):
status:	New → Confirmed
Changed in quagga (Ubuntu Oneiric):
status:	New → Confirmed
Changed in quagga (Ubuntu Precise):
status:	New → Confirmed
Changed in quagga (Ubuntu Lucid):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in quagga (Ubuntu Natty):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in quagga (Ubuntu Oneiric):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in quagga (Ubuntu Precise):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in quagga (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in quagga (Ubuntu Natty):
importance:	Undecided → Medium
Changed in quagga (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in quagga (Ubuntu Precise):
importance:	Undecided → Medium
Changed in quagga (Ubuntu Quantal):
importance:	Undecided → Medium

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-15:

This bug was fixed in the package quagga - 0.99.20.1-0ubuntu0.12.04.2

---------------
quagga (0.99.20.1-0ubuntu0.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues
    (LP: #994169)
    - Denial of service via short Link State Update packet
    - Denial of service via short network-LSA link-state advertisement
    - Denial of service via malformed Four-octet AS Number Capability
    - CVE-2012-0249
    - CVE-2012-0250
    - CVE-2012-0255
  * debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
    added fix for a bgpd memory leak related to extra attributes. Thanks to
    Debian for the regression fix.
-- Marc Deslauriers <email address hidden> Sat, 05 May 2012 17:00:30 -0400

Changed in quagga (Ubuntu Precise):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-15:

This bug was fixed in the package quagga - 0.99.20.1-0ubuntu0.10.04.2

---------------
quagga (0.99.20.1-0ubuntu0.10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues.
    (LP: #994169)
    - Denial of service via short Link State Update packet
    - Denial of service via short network-LSA link-state advertisement
    - Denial of service via malformed Four-octet AS Number Capability
    - CVE-2012-0249
    - CVE-2012-0250
    - CVE-2012-0255
  * debian/control, debian/rules: Remove quagga-dbg package for Lucid.
  * debian/rules: don't use autotools_dev for Lucid.
  * debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
    added fix for a bgpd memory leak related to extra attributes. Thanks to
    Debian for the regression fix.
-- Marc Deslauriers <email address hidden> Sat, 05 May 2012 19:21:02 -0400

Changed in quagga (Ubuntu Lucid):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-15:

This bug was fixed in the package quagga - 0.99.20.1-0ubuntu0.11.04.2

---------------
quagga (0.99.20.1-0ubuntu0.11.04.2) natty-security; urgency=low

  * SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues.
    (LP: #994169)
    - Denial of service via short Link State Update packet
    - Denial of service via short network-LSA link-state advertisement
    - Denial of service via malformed Four-octet AS Number Capability
    - CVE-2012-0249
    - CVE-2012-0250
    - CVE-2012-0255
  * debian/control, debian/rules: Remove quagga-dbg package for Natty.
  * debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
    added fix for a bgpd memory leak related to extra attributes. Thanks to
    Debian for the regression fix.
-- Marc Deslauriers <email address hidden> Sat, 05 May 2012 18:41:01 -0400

Changed in quagga (Ubuntu Natty):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-15:

This bug was fixed in the package quagga - 0.99.20.1-0ubuntu0.11.10.2

---------------
quagga (0.99.20.1-0ubuntu0.11.10.2) oneiric-security; urgency=low

  * SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues.
    (LP: #994169)
    - Denial of service via short Link State Update packet
    - Denial of service via short network-LSA link-state advertisement
    - Denial of service via malformed Four-octet AS Number Capability
    - CVE-2012-0249
    - CVE-2012-0250
    - CVE-2012-0255
  * debian/control, debian/rules: Remove quagga-dbg package for Oneiric.
  * debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
    added fix for a bgpd memory leak related to extra attributes. Thanks to
    Debian for the regression fix.
-- Marc Deslauriers <email address hidden> Sat, 05 May 2012 17:03:18 -0400

Changed in quagga (Ubuntu Oneiric):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuquagga package

quagga security update tracking bug

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
quagga package