CVE-2012-1820: DoS in BGP

Related Vulnerabilities: CVE-2012-1820  

Debian Bug report logs - #676510
CVE-2012-1820: DoS in BGP

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 7 Jun 2012 13:27:02 UTC

Severity: grave

Tags: security

Fixed in versions quagga/0.99.21-3, quagga/0.99.20.1-0+squeeze3

Done: Christian Hammers <ch@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Christian Hammers <ch@debian.org>:
Bug#676510; Package quagga. (Thu, 07 Jun 2012 13:27:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Christian Hammers <ch@debian.org>. (Thu, 07 Jun 2012 13:27:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-1820: DoS in BGP
Date: Thu, 07 Jun 2012 15:22:34 +0200
Package: quagga
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1820 for
details and a patch.

Cheers,
        Moritz




Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. (Fri, 08 Jun 2012 00:06:03 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Fri, 08 Jun 2012 00:06:03 GMT)


Message #10 received at 676510-close@bugs.debian.org:

From: Christian Hammers <ch@debian.org>
To: 676510-close@bugs.debian.org
Subject: Bug#676510: fixed in quagga 0.99.21-3
Date: Fri, 08 Jun 2012 00:03:53 +0000
Source: quagga
Source-Version: 0.99.21-3

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-dbg_0.99.21-3_amd64.deb
  to main/q/quagga/quagga-dbg_0.99.21-3_amd64.deb
quagga-doc_0.99.21-3_all.deb
  to main/q/quagga/quagga-doc_0.99.21-3_all.deb
quagga_0.99.21-3.debian.tar.gz
  to main/q/quagga/quagga_0.99.21-3.debian.tar.gz
quagga_0.99.21-3.dsc
  to main/q/quagga/quagga_0.99.21-3.dsc
quagga_0.99.21-3_amd64.deb
  to main/q/quagga/quagga_0.99.21-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 676510@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 08 Jun 2012 01:15:32 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.21-3
Distribution: unstable
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 676510
Changes: 
 quagga (0.99.21-3) unstable; urgency=high
 .
   * SECURITY:
     CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling.
     A denial-of-service condition could be caused by an attacker controlling
     one of the pre-configured BGP peers. In most cases this means, that the
     attack must be originated from an adjacent network. Closes: #676510





Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. (Sat, 23 Jun 2012 09:48:54 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 23 Jun 2012 09:49:18 GMT)


Message #15 received at 676510-close@bugs.debian.org:

From: Christian Hammers <ch@debian.org>
To: 676510-close@bugs.debian.org
Subject: Bug#676510: fixed in quagga 0.99.20.1-0+squeeze3
Date: Sat, 23 Jun 2012 09:47:14 +0000
Source: quagga
Source-Version: 0.99.20.1-0+squeeze3

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
  to main/q/quagga/quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
quagga-doc_0.99.20.1-0+squeeze3_all.deb
  to main/q/quagga/quagga-doc_0.99.20.1-0+squeeze3_all.deb
quagga_0.99.20.1-0+squeeze3.debian.tar.gz
  to main/q/quagga/quagga_0.99.20.1-0+squeeze3.debian.tar.gz
quagga_0.99.20.1-0+squeeze3.dsc
  to main/q/quagga/quagga_0.99.20.1-0+squeeze3.dsc
quagga_0.99.20.1-0+squeeze3_amd64.deb
  to main/q/quagga/quagga_0.99.20.1-0+squeeze3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 676510@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 08 Jun 2012 01:27:32 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.20.1-0+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 676510
Changes: 
 quagga (0.99.20.1-0+squeeze3) stable-security; urgency=high
 .
   * SECURITY:
     CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling.
     A denial-of-service condition could be caused by an attacker controlling
     one of the pre-configured BGP peers. In most cases this means, that the
     attack must be originated from an adjacent network. Closes: #676510





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 30 Sep 2012 07:26:00 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:06:51 2019; Machine Name: buxtehude
