quagga security update tracking bug
Bug #994169 reported by
Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
quagga (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Natty |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Oneiric |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Precise |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Quantal |
Fix Released
|
Medium
|
Unassigned |
Bug Description
This bug is for tracking the quagga security update:
- Denial of service via short Link State Update packet
- Denial of service via short network-LSA link-state advertisement
- Denial of service via malformed Four-octet AS Number Capability
- CVE-2012-0249
- CVE-2012-0250
- CVE-2012-0255
visibility: | private → public |
Changed in quagga (Ubuntu Quantal): | |
status: | New → Fix Released |
Changed in quagga (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in quagga (Ubuntu Natty): | |
status: | New → Confirmed |
Changed in quagga (Ubuntu Oneiric): | |
status: | New → Confirmed |
Changed in quagga (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in quagga (Ubuntu Lucid): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in quagga (Ubuntu Natty): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in quagga (Ubuntu Oneiric): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in quagga (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in quagga (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in quagga (Ubuntu Natty): | |
importance: | Undecided → Medium |
Changed in quagga (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
Changed in quagga (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in quagga (Ubuntu Quantal): | |
importance: | Undecided → Medium |
To post a comment you must log in.
This bug was fixed in the package quagga - 0.99.20. 1-0ubuntu0. 12.04.2
--------------- 1-0ubuntu0. 12.04.2) precise-security; urgency=low
quagga (0.99.20.
* SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues patches/ 99_bgpd- fix-memory- leak-for- extra-attribute s.diff:
(LP: #994169)
- Denial of service via short Link State Update packet
- Denial of service via short network-LSA link-state advertisement
- Denial of service via malformed Four-octet AS Number Capability
- CVE-2012-0249
- CVE-2012-0250
- CVE-2012-0255
* debian/
added fix for a bgpd memory leak related to extra attributes. Thanks to
Debian for the regression fix.
-- Marc Deslauriers <email address hidden> Sat, 05 May 2012 17:00:30 -0400