SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for quagga-devel-0.99.9-1tr.i586.rpm :
Thu Sep 20 14:00:00 2007 Nived Gopalan 0.99.9-1tr
- New Upstream.
- SECURITY Fix: A vulnerability have been reported in Quagga, caused
due to bgpd improperly handling messages sent by peers. This can be
exploited to crash bgpd by sending a specially crafted \"OPEN\"
message with an invalid message length or an invalid parameter
length, or a specially crafted \"UPDATE\" message with a malformed
\"COMMUNITY\" attribute.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-4826 to this issue.

Thu May 3 14:00:00 2007 Nived Gopalan 0.99.7-1tr
- New Upstream.
- SECURITY Fix: Paul Jakma has reported a vulnerability in Quagga,
caused due to bgpd not checking the length information of the
\"MP_UNREACH_NLRI\" and \"MP_REACH_NLRI\" attributes. This can be
exploited to cause an assertion error or out of bounds read by
sending a specially crafted UPDATE message.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-1995 to this issue.

Tue Jun 27 14:00:00 2006 Bipin S 0.98.6-2tr
- Added condition checking for %preun. Bug #1820.

Tue May 23 14:00:00 2006 Nived Gopalan 0.98.6-1tr
- New Upstream.
- SECURITY Fix: Konstantin V. Gavrilenko has reported two security issues
in Quagga, which can be exploited by malicious people to bypass certain
security restrictions and to disclose system information.
- An error in RIPd does not properly implement configurations that 1)
disable RIPv1 or 2) require plaintext or MD5 authentication. This allows
remote attackers to obtain sensitive information via REQUEST packets
such as SEND UPDATE.
- An error in RIPd does not properly enforce RIPv2 authentication
requirements. This allows remote attackers to modify routing state via
RIPv1 RESPONSE packets.
- Fredrik Widell has reported a vulnerability in Quagga caused due to an
infinite loop error in bgpd within the \"community_str2com()\" function.
This can be exploited to cause the process to consume large amounts of
CPU resources by issuing the \"sh ip bgp command\" command via the telnet
management interface.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2223, CVE-2006-2224 and CVE-2006-2276 to
these issues.

Tue Jan 17 13:00:00 2006 Ajith Thampi 0.98.5-2tr
- Rebuilt

Tue Sep 20 14:00:00 2005 Ajith Thampi 0.98.5-1tr
- Initial Entry into TSL 3.0


  
ICM