[Secure-testing-team] Bug#594262: quagga: Two BGP security problems fixed in 0.99.17
Christian Hammers
ch at debian.org
Tue Aug 24 23:08:23 UTC 2010
Package: quagga
Version: 0.99.16
Severity: grave
Tags: security
Justification: user security hole
The release notes of quagga 0.99.17 on
http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100 mention that:
"This release provides two important bugfixes, which address remote crash
possibility in bgpd discovered by CROSS team. "
CVE IDs have already been requested by someone from Red Hat on oss-security:
http://marc.info/?l=oss-security&m=128265627617285&w=2 but have not yet been
granted.
Meanwhile I upload 0.99.17 to sid and ask if 0.99.10 (lenny) is affected and if
there's a 0.99.16 backport for the frozen squeeze.
bye,
-christian-
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages quagga depends on:
ii adduser 3.112 add and remove users and groups
ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy
ii iproute 20100519-3 networking and traffic control too
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libpam0g 1.1.1-4 Pluggable Authentication Modules l
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libreadline6 6.1-3 GNU readline and history libraries
ii logrotate 3.7.8-6 Log rotation utility
quagga recommends no packages.
Versions of packages quagga suggests:
ii snmpd 5.4.3~dfsg-1 SNMP (Simple Network Management Pr