From Secunia security advisory at $URL:
Description:
1) An error in ospf6d when handling the length of IPv6 prefix structures within Link State Update messages can be exploited to crash the daemon and disrupt IPv6 routing.
2) An assertion error in ospf6d when processing Database Description messages can be exploited to terminate the daemon and disrupt IPv6 routing.
3) An error in ospfd when processing Hello messages can be exploited to crash the daemon and disrupt IPv4 routing.
4) An error in ospfd when processing Link State Advertisement (LSA) types within Link State Update messages can be exploited to crash the daemon and disrupt IPv4 routing.
5) An error in bgpd when handling AS_PATH attributes within UPDATE messages can be exploited to cause a heap-based buffer overflow resulting in a crash of the daemon and disruption of IPv4 routing.
Solution: Update to version 0.99.19
0.9.19 is in tree.
Thanks Diego. Arches, please test and mark stable: =net-misc/quagga-0.9.19 target KEYWORDS : "alpha amd64 arm hppa ppc s390 sparc x86"
Is multiple compiling enough to test this package?
I can give it a shot in a moment on amd64/hardened, but just with ripd.
Multiple compile tests ok for me on amd64
(In reply to comment #2)
> Thanks Diego.
>
> Arches, please test and mark stable:
>
> =net-misc/quagga-0.9.19
That's 0.99.19, right?
> target KEYWORDS : "alpha amd64 arm hppa ppc s390 sparc x86"
(In reply to comment #6)
> That's 0.99.19, right?
Yes, sorry for the typo.
/etc/init.d/ripd and its symlinks hang running:
  [ "$(get_service_config log)" = "syslog" ] && \
    use logger
so caching service dependencies never finishes. I can't figure out what package get_service_config belongs to.
# /lib/rc/sh/gendepends.sh
[...]
bacula-fd iuse dns
bacula-sd
bacula-sd ineed net
bacula-sd iuse dns
bgpd
bgpd ineed zebra
[ ..hangs.. ]
(In reply to comment #8)
> I can't figure out what package get_service_config belongs to.
Er, that's defined in the same script, of course. :)
OK, so analysing further, the "log" feature has to be defined in every /etc/quagga/* configuration file matching /etc/init.d/ripd or one of its symlinks for service dep generation to properly work, even if you do not intend to ever run those services. I think this is a bug.
Index: files/quagga-services.init.2 =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-misc/quagga/files/quagga-services.init.2,v retrieving revision 1.1 diff -u -B -r1.1 quagga-services.init.2 --- files/quagga-services.init.2 27 Sep 2011 13:07:50 -0000 1.1 +++ files/quagga-services.init.2 27 Sep 2011 20:10:29 -0000 @@ -3,7 +3,7 @@ # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/quagga-services.init.2,v 1.1 2011/09/27 13:07:50 flameeyes Exp $ -: CFGFILE=/etc/quagga/${SVCNAME}.conf +CFGFILE=/etc/quagga/${SVCNAME}.conf get_service_config() { awk '$1 == "'$1'" { s=$2 } END { print s }' "$CFGFILE" This helps, but it still spits out these ugly error message: * Caching service dependencies ... awk: cmd. line:1: fatal: cannot open file `/etc/quagga/bgpd.conf' for reading (No such file or directory) awk: cmd. line:1: fatal: cannot open file `/etc/quagga/ospf6d.conf' for reading (No such file or directory) awk: cmd. line:1: fatal: cannot open file `/etc/quagga/ripd.conf' for reading (No such file or directory) awk: cmd. line:1: fatal: cannot open file `/etc/quagga/ripngd.conf' for reading (No such file or directory) Also, the same patch would need to be applied to the zebra init.d script.
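Review bot: get_service_config, in the trailing context of this hunk, passes "$CFGFILE" to awk without checking that the file exists, so once the assignment takes effect every daemon without a config file under /etc/quagga makes dependency caching print a fatal awk error, as the output quoted after the patch shows. Return early when the file is not readable, for example with [ -r "$CFGFILE" ] || return 0 as the first line of the function. If CFGFILE is meant to stay overridable, : ${CFGFILE:=/etc/quagga/${SVCNAME}.conf} keeps that, whereas the plain assignment on the + line always overwrites it; the removed ": CFGFILE=..." form only passed the text to the : builtin and never set the variable.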
Heck, thanks for catching that up, it worked here because the router had some stray old configs :(
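The init-script problem discussed in the comments above, as an added shell example that is not part of the original thread or of the Gentoo init script: it contrasts the ineffective ": CFGFILE=..." line with the default-if-unset idiom and shows a lookup that tolerates a missing config file. CONFDIR, the temporary directory and the sample config contents are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: works in a temp dir, never touches /etc/quagga.
SVCNAME=ripd                 # OpenRC sets this to the running service name
CONFDIR=$(mktemp -d)         # stand-in for /etc/quagga (assumption)

# Line removed by the patch: the text is only an argument to the ':'
# builtin, so CFGFILE stays unset and awk is later handed an empty name.
unset CFGFILE
: CFGFILE=$CONFDIR/${SVCNAME}.conf
BEFORE=${CFGFILE-unset}

# Default-if-unset idiom: assigns when CFGFILE is empty or unset, and
# keeps any value an admin exported beforehand.
: "${CFGFILE:=$CONFDIR/${SVCNAME}.conf}"

# Same lookup as the script's get_service_config, with two changes:
# a missing config yields an empty answer instead of a fatal awk error,
# and the key is passed with -v instead of being spliced into the program.
get_service_config() {
    [ -r "$CFGFILE" ] || return 0
    awk -v key="$1" '$1 == key { s = $2 } END { print s }' "$CFGFILE"
}

# Dependency caching on a host where ripd was never configured.
missing=$(get_service_config log)

# Constructed ripd.conf for a host that does run the daemon.
printf 'hostname r1\nlog syslog\n' > "$CFGFILE"
present=$(get_service_config log)

echo "before='$BEFORE' missing='$missing' present='$present'"
rm -rf "$CONFDIR"
```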
Stable for HPPA. Arch teams, please test and mark stable: =net-misc/quagga-0.99.19-r1 Target KEYWORDS="alpha amd64 arm hppa ppc s390 sparc x86"
amd64: emerge pass
ppc stable
Looks like the 0.99.19 release has a DoS-able crash when trying to fix this issue, so we're expecting 0.99.20 today.
Okay 0.99.20 is in tree, which is stable target. HPPA and PPC are back in the game.
+ 30 Sep 2011; Steve Dibb <beandog@gentoo.org> quagga-0.99.20.ebuild: + amd64 stable, security bug 384651
x86 stable
alpha/arm/s390/sparc stable
Stable for HPPA.
ppc stable, last arch done
Thanks folks, adding glsa vote request.
Thanks, everyone. GLSA Vote: yes.
GLSA together with bug 334303, 359903 and 384651
This issue was resolved and addressed in GLSA 201202-02 at http://security.gentoo.org/glsa/glsa-201202-02.xml by GLSA coordinator Tim Sammut (underling).