2007-04-08: Security: DoS in bgpd if configured peer sends crafted packet

The bgpd daemon is vulnerable to a Denial-of-Service. Configured peers may cause a Quagga bgpd to, typically, assert() and abort. The DoS may be triggered by peers by sending an UPDATE message with a crafted, malformed Multi-Protocol reachable/unreachable NLRI attribute. Further details, and a proposed fix for Quagga 0.99 are available in Bug #354.
Fixed in quagga-0.98.6-r2 and quagga-0.99.6-r1. Only quagga-0.98.6-r2 needs to be stabilized, the other being the development version (has only ~arch keywords).
Arches please test and mark stable. Target keywords are:
quagga-0.98.6-r2.ebuild:KEYWORDS="alpha ~amd64 ~arm hppa ppc ~s390 sparc x86"
x86 stable
Stable for HPPA.
sparc stable.
ppc stable
alpha stable. security, ready for you guys.
This one is ready for GLSA decision. I tend to vote NO.
no here too.
kinda tend to vote yes
I vote yes since the issue seems not so difficult to trigger. Let's have one then.
(In reply to comment #7)
> alpha stable. security, ready for you guys.

errr.. don't forget to commit it :)
(In reply to comment #12)
> (In reply to comment #7)
> > alpha stable. security, ready for you guys.
>
> errr.. don't forget to commit it :)

Grrr .... Sorry guys, I was on holidays. Now it's done.
GLSA 200705-05