[ubuntu/bionic-proposed] quagga 1.2.2-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 7 15:07:18 UTC 2018 

quagga (1.2.2-1ubuntu1) bionic; urgency=medium

  * SECURITY UPDATE: missing bounds check on NOTIFY data
    - debian/patches/Quagga-2018-0543.patch: use proper length in
      bgpd/bgp_attr.c.
    - CVE-2018-5378
  * SECURITY UPDATE: DoS and possible code execution via double-free
    - debian/patches/Quagga-2018-1114.patch: fix double-free in
      bgpd/bgp_attr.c, bgpd/bgp_attr.h.
    - CVE-2018-5379
  * SECURITY UPDATE: code-to-string conversion table overrun
    - debian/patches/Quagga-2018-1550.patch: limit size in
      bgpd/bgp_debug.c.
    - CVE-2018-5380
  * SECURITY UPDATE: hang via invalid OPEN message
    - debian/patches/Quagga-2018-1975.patch: fix infinite loop in
      bgpd/bgp_packet.c.
    - CVE-2018-5381

Date: Wed, 07 Mar 2018 15:47:11 +0100
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/quagga/1.2.2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Mar 2018 15:47:11 +0100
Source: quagga
Binary: quagga quagga-core quagga-doc quagga-bgpd quagga-isisd quagga-ospf6d quagga-ospfd quagga-pimd quagga-ripd quagga-ripngd
Architecture: source
Version: 1.2.2-1ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 quagga     - network routing daemons (metapackage)
 quagga-bgpd - BGP4/BGP4+ routing daemon
 quagga-core - network routing daemons (core abstraction layer)
 quagga-doc - network routing daemons (documentation)
 quagga-isisd - IS-IS routing daemon
 quagga-ospf6d - OSPF6 routing daemon
 quagga-ospfd - OSPF routing daemon
 quagga-pimd - PIM routing daemon
 quagga-ripd - RIPv1 routing daemon
 quagga-ripngd - RIPng routing daemon
Changes:
 quagga (1.2.2-1ubuntu1) bionic; urgency=medium
 .
   * SECURITY UPDATE: missing bounds check on NOTIFY data
     - debian/patches/Quagga-2018-0543.patch: use proper length in
       bgpd/bgp_attr.c.
     - CVE-2018-5378
   * SECURITY UPDATE: DoS and possible code execution via double-free
     - debian/patches/Quagga-2018-1114.patch: fix double-free in
       bgpd/bgp_attr.c, bgpd/bgp_attr.h.
     - CVE-2018-5379
   * SECURITY UPDATE: code-to-string conversion table overrun
     - debian/patches/Quagga-2018-1550.patch: limit size in
       bgpd/bgp_debug.c.
     - CVE-2018-5380
   * SECURITY UPDATE: hang via invalid OPEN message
     - debian/patches/Quagga-2018-1975.patch: fix infinite loop in
       bgpd/bgp_packet.c.
     - CVE-2018-5381
Checksums-Sha1:
 ee8b786473bfbec2f4828a4d6d41ecef5fcfe5c7 2643 quagga_1.2.2-1ubuntu1.dsc
 361c0ce991558c1a236af987d34e4a8c6382b4b0 36200 quagga_1.2.2-1ubuntu1.debian.tar.xz
 e47dc0bf1880729fb2f5d071db1aeaf871dc85d9 10060 quagga_1.2.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
 6e7cae2a0389a9694fc4e956f7e3aaac19f2df944b008d5c8026a194215f4ea1 2643 quagga_1.2.2-1ubuntu1.dsc
 6ee5b683de8a2ec01550ec98732d9957e4afabb293033e7cc7e24d6c34806de2 36200 quagga_1.2.2-1ubuntu1.debian.tar.xz
 a61b41258c6024dee480fab0e2e9579e4b98d94594ccc2211261617a0704ddfc 10060 quagga_1.2.2-1ubuntu1_source.buildinfo
Files:
 dfa010560b58944be6f5537e5d0d2137 2643 net optional quagga_1.2.2-1ubuntu1.dsc
 85c389e9403b2026ac9edc8b4bd31909 36200 net optional quagga_1.2.2-1ubuntu1.debian.tar.xz
 cae8f9bf2645b1c4eb72999e2f22047a 10060 net optional quagga_1.2.2-1ubuntu1_source.buildinfo
Original-Maintainer: Scott Leggett <scott at sl.id.au>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJan/23AAoJEGVp2FWnRL6T1E4P/39nk2+dk4zYCImDCFbTOqsd
4id8z8towMVnd42evTCQMpSkdIbgETfQWdRQ7wYDNXRpSsBlcdj9xbc+Ox1eAtgh
TCodYZbayMUyRIJC0eSrdNRnjscpZY50P+wAgm7+6ij85cX+Ji60gKzm/pKYGi6z
7VotlK5lV/kSKmoa4sVbvfhWtbbTmKPDIY0gBo3IRntB+jmQ1DGQk5YlCxqjDx4/
vRG3lBfOsngHbO7ESII09AWLP45+B6/lYICjVnhEIHMUpTfmn76D4OKV/C0uvac/
eii4YSrwt4WQA/+yynlNAvRbMmim/AxYIUKuecQTghlcFjktLgshJ4TOiiOMn4vS
dMPIaoGjyTtq+ScyYBJ6DqaUlMLCaGukBwe2tZycu2D1JoH3xG7T3Cnm4gQSpr9G
ehsHZMDa+9qyOwCA30sYyhdzEe5HXKj2h3hBP4pWVG//GuPbgkuRR2lA2xZgPg2m
Eu0nHp3LrwKhcr9YH7AysRhH525KEd3QIxpmIYcGBlghihSIeyWSdDn9MwoQ7B+G
G30lBE9sO69iKhEgemjlwGgC0M4l3LUk8qb6tosc9UlfU/NrhL/V1ExuGnEVMHEy
wExdga6dTMiTVOvXQBUDwjHGSJT2BQpO3p1iR6X5z+hsJXtzh8+Wa+8if5j7Rfmk
gspYdDKuPDkGU3TJcyeo
=sFpM
-----END PGP SIGNATURE-----

More information about the Bionic-changes mailing list