-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt, CVE-2006-2276
-
Date:
2006-05-15 14:54:38 UTC
-
Revision ID:
james.westby@ubuntu.com-20060515145438-6liqq5ehtr1z24p2
Tags: 0.99.2-1ubuntu3
* SECURITY UPDATE: Remote route injection, authentication bypass, remote
DoS.
* Add debian/patches/81_ripv1_injection.dpatch:
- When RIPv2 authentication is required, disable RIPv1 or require
authentication as well (remote attackers could get routing information
by sending RIPv1 requests). [CVE-2006-2223]
- Enforce RIPv2 authentication requirements (remote attackers could
modify routing state via RIPv1 RESPONSE packets). [CVE-2006-2224]
- Patch taken from CVS head, see
http://bugzilla.quagga.net/show_bug.cgi?id=262
* Add debian/patches/82_sh_ip_bgp_loop.dpatch:
- Fix infinite loop with special invalid 'sh ip bgp' command.
[CVE-2006-2276]
- Patch ported from 0.99.4.