From ${URL} : A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, an attacker could use a crafted packet to crash the bgpd service.
External References: http://openwall.com/lists/oss-security/2016/04/27/7
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@ Maintainer(s): Please bump to v1.0.20161017 which does contain
> commit 7da28be5bafb31af75f796abb04aa1d09276d66d
> Author: Evgeny Uskov
> Date: Wed Jan 13 13:58:00 2016 +0300
>
> bgpd: Fix buffer overflow error in bgp_dump_routes_func
>
> Now if the number of entries for some prefix is too large, multiple
> TABLE_DUMP_V2 records are created. In the previous version in such
> situation bgpd crashed with SIGABRT.
which will fix this vulnerability.
Quagga 1.0.20161017 was released on 17th October and contains only a handful of commits which are all fixes[1], so it would be really nice to have it updated.
[1] https://savannah.nongnu.org/forum/forum.php?forum_id=8708
This vulnerability was fixed in currently unstable quagga-1.1-r1
Arches, please test and mark stable =net-misc/quagga-1.1-r1
Target keywords: alpha amd64 arm hppa ppc sparc x86
(In reply to Sergey Popov from comment #3)
> This vulnerability was fixed in currently unstable quagga-1.1-r1
>
> Arches, please test and mark stable =net-misc/quagga-1.1-r1
>
> Target keywords: alpha amd64 arm hppa ppc sparc x86
Arches, please test and mark stable =net-misc/quagga-1.1.0-r1
Target keywords: alpha amd64 arm hppa ppc sparc x86
CVE-2016-4049 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4049): The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
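The commit message quoted earlier in this thread and the CVE text above describe the same change: check the remaining space before each write and start another record when the current one is full. The sketch below is an added illustration of that pattern, not Quagga's code; `REC_CAP`, `HDR_LEN`, `struct dump` and the function names are assumptions made up for this example.

```c
#include <stddef.h>
#include <string.h>

#define REC_CAP 64 /* constructed record buffer size, not Quagga's */
#define HDR_LEN 8  /* constructed per-record header size */

struct dump {
    unsigned char buf[REC_CAP];
    size_t len, max_len;     /* bytes in current record; largest record seen */
    unsigned in_rec, total;  /* entries in current record; entries written */
    int records;             /* records closed so far */
};

static void rec_begin(struct dump *d)
{
    memset(d->buf, 0, HDR_LEN); /* placeholder header */
    d->len = HDR_LEN;
    d->in_rec = 0;
}

static void rec_flush(struct dump *d)
{
    if (d->in_rec == 0)
        return;
    /* a real dumper would write buf[0..len) to the dump file here */
    d->records++;
    d->total += d->in_rec;
    if (d->len > d->max_len)
        d->max_len = d->len;
    rec_begin(d);
}

/* Returns the number of records used, or -1 if one entry can never fit. */
int dump_entries(struct dump *d, const unsigned char *e, size_t n, size_t esz)
{
    memset(d, 0, sizeof *d);
    if (esz == 0 || esz > REC_CAP - HDR_LEN)
        return -1;
    rec_begin(d);
    for (size_t i = 0; i < n; i++) {
        if (esz > REC_CAP - d->len) /* size check before every copy */
            rec_flush(d);           /* full: close record, start another */
        memcpy(d->buf + d->len, e + i * esz, esz);
        d->len += esz;
        d->in_rec++;
    }
    rec_flush(d);
    return d->records;
}
```

With these constructed sizes, 20 entries of 12 bytes are spread over five records and no record exceeds the buffer.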
An automated check of this bug failed - the following atom is unknown: net-misc/quagga-1.1-r1 Please verify the atom list.
Stable on alpha.
Stable on amd64.
An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad net-misc/quagga/quagga-1.1.0-r1.ebuild: DEPEND: hppa(default/linux/hppa/13.0) ['dev-libs/protobuf:0=']
> dependency.bad net-misc/quagga/quagga-1.1.0-r1.ebuild: RDEPEND: hppa(default/linux/hppa/13.0) ['dev-libs/protobuf:0=']
An automated check of this bug failed - the following atom is unknown: net-misc/quagga-1.1.0-r2 Please verify the atom list.
x86 stable
An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad net-misc/quagga/quagga-1.1.0-r2.ebuild: DEPEND: hppa(default/linux/hppa/13.0) ['dev-libs/protobuf-c:0=']
> dependency.bad net-misc/quagga/quagga-1.1.0-r2.ebuild: RDEPEND: hppa(default/linux/hppa/13.0) ['dev-libs/protobuf-c:0=']
arm stable
@ HPPA AT: You need to stabilize =dev-libs/protobuf-c-1.1.1 and =dev-libs/protobuf-2.6.1-r3 as well (bug 603430, added to this list because it looks like the new stabilization bot helper doesn't recognize that the bug is only assigned to hppa).
An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad dev-libs/protobuf/protobuf-2.6.1-r3.ebuild: DEPEND: hppa(default/linux/hppa/13.0) ['dev-python/google-apputils[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]']
An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad dev-python/google-apputils/google-apputils-0.4.2-r1.ebuild: DEPEND: hppa(default/linux/hppa/13.0) ['>=dev-python/python-gflags-1.4[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]', 'dev-python/mox[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]']
> dependency.bad dev-python/google-apputils/google-apputils-0.4.2-r1.ebuild: RDEPEND: hppa(default/linux/hppa/13.0) ['>=dev-python/python-gflags-1.4[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]']
Stable for HPPA.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
ppc stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
This issue was resolved and addressed in GLSA 201701-48 at https://security.gentoo.org/glsa/201701-48 by GLSA coordinator Aaron Bauman (b-man).
Reopened for cleanup. @maintainer, please clean the vulnerable version or let us know if a security mask is needed.
Cleanup is done, thanks guys.