~ubuntu-branches/ubuntu/hardy/quagga/hardy-updates

Viewing all changes in revision 5.

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt, CVE-2006-2276
  • Date: 2006-05-15 14:54:38 UTC
  • Revision ID: james.westby@ubuntu.com-20060515145438-6liqq5ehtr1z24p2
Tags: 0.99.2-1ubuntu3
* SECURITY UPDATE: Remote route injection, authentication bypass, remote
  DoS.
* Add debian/patches/81_ripv1_injection.dpatch:
  - When RIPv2 authentication is required, disable RIPv1 or require
    authentication as well (remote attackers could get routing information
    by sending RIPv1 requests). [CVE-2006-2223]
  - Enforce RIPv2 authentication requirements (remote attackers could
    modify routing state via RIPv1 RESPONSE packets). [CVE-2006-2224]
  - Patch taken from CVS head, see
    http://bugzilla.quagga.net/show_bug.cgi?id=262
* Add debian/patches/82_sh_ip_bgp_loop.dpatch:
  - Fix infinite loop with special invalid 'sh ip bgp' command.
    [CVE-2006-2276]
  - Patch ported from 0.99.4.
