← Back to branch summary

~ubuntu-branches/ubuntu/lucid/quagga/lucid-updates

Viewing all changes in revision 25.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2011-10-07 12:38:37 UTC
  • Revision ID: package-import@ubuntu.com-20111007123837-a11lbv9vvw17fnaf
Tags: 0.99.15-1ubuntu0.3
* SECURITY UPDATE: arbitrary code execution via malformed Inter Area
  Prefix LSA
  - debian/patches/99_CVE-2011-3323.dpatch: check lengths in
    ospf6d/{ospf6_abr.h,ospf6_asbr.h,ospf6_intra.h,ospf6_lsa.h,
    ospf6_message.c,ospf6_message.h,ospf6_proto.h}
  - CVE-2011-3323
* SECURITY UPDATE: denial of sevice via crafted Link-State-Advertisement
  - debian/patches/99_CVE-2011-3324.dpatch: change assert to warning in
    ospf6d/ospf6_lsa.c.
  - CVE-2011-3324
* SECURITY UPDATE: denial of service via crafted Hello packet
  - debian/patches/99_CVE-2011-3325.dpatch: add extra checks to
    ospfd/ospf_packet.c.
  - CVE-2011-3325
* SECURITY UPDATE: denial of service via unknown Link-State-Advertisements
  types
  - debian/patches/99_CVE-2011-3326.dpatch: exit if LSA type is unknown
    in ospfd/ospf_flood.c.
  - CVE-2011-3326
* SECURITY UPDATE: arbitrary code execution via Extended Communities path
  attribute
  - debian/patches/99_CVE-2011-3327.dpatch: properly check size in
    bgpd/bgp_ecommunity.c.
  - CVE-2011-3327

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: