Bug#: 174206
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2007-04-11 20:10 0000
2007-04-08: Security: DoS in bgpd if configured peer sends crafted packet 
The bgpd daemon is vulnerable to a Denial-of-Service. Configured peers may
cause a Quagga bgpd to, typically, assert() and abort. The DoS may be triggered
by peers by sending an UPDATE message with a crafted, malformed Multi-Protocol
reachable/unreachable NLRI attribute. Further details, and a proposed fix for
Quagga 0.99 are available in Bug #354.

------- Comment #1 From Alin Năstac 2007-04-12 07:41:11 0000 -------
Fixed in quagga-0.98.6-r2 and quagga-0.99.6-r1.

Only quagga-0.98.6-r2 needs to be stabilized, the other being the development
version (has only ~arch keywords).

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-04-12 09:21:56 0000 -------
Arches please test and mark stable. Target keywords are:

quagga-0.98.6-r2.ebuild:KEYWORDS="alpha ~amd64 ~arm hppa ppc ~s390 sparc x86"

------- Comment #3 From Christian Faulhammer 2007-04-12 10:35:29 0000 -------
x86 stable

------- Comment #4 From Jeroen Roovers 2007-04-12 21:13:18 0000 -------
Stable for HPPA.

------- Comment #5 From Gustavo Zacarias (RETIRED) 2007-04-13 14:42:16 0000 -------
sparc stable.

------- Comment #6 From Tobias Scherbaum 2007-04-13 16:32:44 0000 -------
ppc stable

------- Comment #7 From Jose Luis Rivero (yoswink) 2007-04-14 14:28:35 0000 -------
alpha stable. security, ready for you guys.

------- Comment #8 From Sune Kloppenborg Jeppesen 2007-04-14 14:51:08 0000 -------
This one is ready for GLSA decision. I tend to vote NO.

------- Comment #9 From Daniel Black 2007-04-20 09:28:17 0000 -------
no here too.

------- Comment #10 From Matthias Geerdsen 2007-04-23 15:23:07 0000 -------
kinda tend to vote yes

------- Comment #11 From Raphael Marichez 2007-04-23 20:01:05 0000 -------
I vote yes since the issue seems not so difficult to trigger. Let's have one
then.

------- Comment #12 From Raphael Marichez 2007-04-27 21:45:58 0000 -------
(In reply to comment #7)
> alpha stable. security, ready for you guys.
> 

errr.. don't forget to commit it :)

------- Comment #13 From Jose Luis Rivero (yoswink) 2007-04-30 09:02:58 0000 -------
(In reply to comment #12)
> (In reply to comment #7)
> > alpha stable. security, ready for you guys.
> > 
> 
> errr.. don't forget to commit it :)
> 

Grrr .... Sorry guys, I was on holidays. Now it's done.

------- Comment #14 From Sune Kloppenborg Jeppesen 2007-05-02 11:34:16 0000 -------
GLSA 200705-05
