Debian Bug report logs - #676510
CVE-2012-1820: DoS in BGP

version graph

Package: quagga; Maintainer for quagga is Christian Hammers <ch@debian.org>; Source for quagga is src:quagga.

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 7 Jun 2012 13:27:02 UTC

Severity: grave

Tags: security

Fixed in versions quagga/0.99.21-3, quagga/0.99.20.1-0+squeeze3

Done: Christian Hammers <ch@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Christian Hammers <ch@debian.org>:
Bug#676510; Package quagga. (Thu, 07 Jun 2012 13:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Christian Hammers <ch@debian.org>. (Thu, 07 Jun 2012 13:27:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-1820: DoS in BGP
Date: Thu, 07 Jun 2012 15:22:34 +0200
Package: quagga
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1820 for
details and a patch.

Cheers,
        Moritz




Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. (Fri, 08 Jun 2012 00:06:03 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Fri, 08 Jun 2012 00:06:03 GMT) Full text and rfc822 format available.

Message #10 received at 676510-close@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: 676510-close@bugs.debian.org
Subject: Bug#676510: fixed in quagga 0.99.21-3
Date: Fri, 08 Jun 2012 00:03:53 +0000
Source: quagga
Source-Version: 0.99.21-3

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-dbg_0.99.21-3_amd64.deb
  to main/q/quagga/quagga-dbg_0.99.21-3_amd64.deb
quagga-doc_0.99.21-3_all.deb
  to main/q/quagga/quagga-doc_0.99.21-3_all.deb
quagga_0.99.21-3.debian.tar.gz
  to main/q/quagga/quagga_0.99.21-3.debian.tar.gz
quagga_0.99.21-3.dsc
  to main/q/quagga/quagga_0.99.21-3.dsc
quagga_0.99.21-3_amd64.deb
  to main/q/quagga/quagga_0.99.21-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 676510@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 08 Jun 2012 01:15:32 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.21-3
Distribution: unstable
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 676510
Changes: 
 quagga (0.99.21-3) unstable; urgency=high
 .
   * SECURITY:
     CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling.
     A denial-of-service condition could be caused by an attacker controlling
     one of the pre-configured BGP peers. In most cases this means, that the
     attack must be originated from an adjacent network. Closes: #676510
Checksums-Sha1: 
 10365fa085747bfd8d269429388f9ed206736861 1434 quagga_0.99.21-3.dsc
 56387fc02f2d9d304e50575b47073be746595229 39087 quagga_0.99.21-3.debian.tar.gz
 2744e5c0155b82c3d748fe30ae5dddc3da834f20 1707946 quagga_0.99.21-3_amd64.deb
 be5cff3e6a304ff2a511dd80c1beec8f3bd14d31 2500786 quagga-dbg_0.99.21-3_amd64.deb
 6914053ac48b0ad476a7ccb3ee778ddfaaf2a360 645080 quagga-doc_0.99.21-3_all.deb
Checksums-Sha256: 
 43452d259b6864e30cf56aba1cc0e0d979a3c383551dc6140680b6ca99df6543 1434 quagga_0.99.21-3.dsc
 e412312efa9635d65bdcd62140600b9326f4d35b23fd199a3dc124542f98a644 39087 quagga_0.99.21-3.debian.tar.gz
 3bba73189f0f081592771cdddf3ba1accdeaf09711467272c8e5e5581fa94bb6 1707946 quagga_0.99.21-3_amd64.deb
 9d1621d839648205e6280a3b00013c5e34d8089738580915d2168e28965bc843 2500786 quagga-dbg_0.99.21-3_amd64.deb
 d462367883849add437629084047efca6428923b45ec9a1b2d13f24c75ed1396 645080 quagga-doc_0.99.21-3_all.deb
Files: 
 bf0a87b64d83a71c2edfe65d52da2f9c 1434 net optional quagga_0.99.21-3.dsc
 fda2e4b4ceed964aa270b92685e9de43 39087 net optional quagga_0.99.21-3.debian.tar.gz
 da85822a4300b91986cb677ee1127feb 1707946 net optional quagga_0.99.21-3_amd64.deb
 e623d24b662c3560aff7a46b9d7aacc9 2500786 debug extra quagga-dbg_0.99.21-3_amd64.deb
 3ffda7f77eb335724ac00bb03c42f435 645080 net optional quagga-doc_0.99.21-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/RPDwACgkQkR9K5oahGObkfgCfXt0FCzInncou+oe7lkYwxjKQ
n/0An0lylESWuFTBr1TEHAAeXGECMME4
=rMqf
-----END PGP SIGNATURE-----





Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. (Sat, 23 Jun 2012 09:48:54 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 23 Jun 2012 09:49:18 GMT) Full text and rfc822 format available.

Message #15 received at 676510-close@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: 676510-close@bugs.debian.org
Subject: Bug#676510: fixed in quagga 0.99.20.1-0+squeeze3
Date: Sat, 23 Jun 2012 09:47:14 +0000
Source: quagga
Source-Version: 0.99.20.1-0+squeeze3

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
  to main/q/quagga/quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
quagga-doc_0.99.20.1-0+squeeze3_all.deb
  to main/q/quagga/quagga-doc_0.99.20.1-0+squeeze3_all.deb
quagga_0.99.20.1-0+squeeze3.debian.tar.gz
  to main/q/quagga/quagga_0.99.20.1-0+squeeze3.debian.tar.gz
quagga_0.99.20.1-0+squeeze3.dsc
  to main/q/quagga/quagga_0.99.20.1-0+squeeze3.dsc
quagga_0.99.20.1-0+squeeze3_amd64.deb
  to main/q/quagga/quagga_0.99.20.1-0+squeeze3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 676510@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 08 Jun 2012 01:27:32 +0200
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: source amd64 all
Version: 0.99.20.1-0+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Closes: 676510
Changes: 
 quagga (0.99.20.1-0+squeeze3) stable-security; urgency=high
 .
   * SECURITY:
     CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling.
     A denial-of-service condition could be caused by an attacker controlling
     one of the pre-configured BGP peers. In most cases this means, that the
     attack must be originated from an adjacent network. Closes: #676510
Checksums-Sha1: 
 1e0f077f4b4e61c535da2838f73094ce7c87d646 1386 quagga_0.99.20.1-0+squeeze3.dsc
 2b1c1f5e6ea3621a46ab6a52f324bbeef66cbbf6 38019 quagga_0.99.20.1-0+squeeze3.debian.tar.gz
 086ee3e0b28cd2317df464c93162ec9f5822f7a8 1738488 quagga_0.99.20.1-0+squeeze3_amd64.deb
 2bc3278b39b4e9645425b2b6620f826be3d8f552 1749788 quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
 c5f9338a9ab580b7a12f3faeda1bdfcb72187504 641572 quagga-doc_0.99.20.1-0+squeeze3_all.deb
Checksums-Sha256: 
 d4ef6091ba963199766c5b636a32410cf4d139ad67000066b5146e2ebaa02546 1386 quagga_0.99.20.1-0+squeeze3.dsc
 a15951f49d03a6391a7832b7e4de7dd3690f581e3249cfa980a1c31f35a2ac15 38019 quagga_0.99.20.1-0+squeeze3.debian.tar.gz
 bf23426eaee868143b1fca219e0ce61f131c0ae63b3d256f0dc88e9584e38919 1738488 quagga_0.99.20.1-0+squeeze3_amd64.deb
 a967ab933162fd2fcbaa4a5c6920665c71eee1d131510da78579611d1d361b47 1749788 quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
 c8344e82259dee89811b1a32ef696e4dfc09becd82b312a17909adef17f9286b 641572 quagga-doc_0.99.20.1-0+squeeze3_all.deb
Files: 
 d07cf429204ef108dad68ede75efbfde 1386 net optional quagga_0.99.20.1-0+squeeze3.dsc
 53903880ec930e760ddcf5f7f08c15bf 38019 net optional quagga_0.99.20.1-0+squeeze3.debian.tar.gz
 4a230ca0394aab4d4d7668adbf1e0d3e 1738488 net optional quagga_0.99.20.1-0+squeeze3_amd64.deb
 4fb16c5e62007f7565662babea646aef 1749788 debug extra quagga-dbg_0.99.20.1-0+squeeze3_amd64.deb
 4cee75bbf540336482025e08c613ddc4 641572 net optional quagga-doc_0.99.20.1-0+squeeze3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJP1YiAAAoJEL97/wQC1SS+/tUH/0BoESp/A/EVGvKq6qkyofAr
QJrjZvOazVWlrWFGd/HCFtWpG8+dBOA2oHVXzlkB8w/7yEmks1B464fj/Yjn1tq1
onMjUNItriNOUcBhT3GISH+G1g0CrwC0kqBhAtYMF9SLOVFIhPYaoJmfEQg5Ziqt
wbSffeQ4WA8uhB0mL01Z0OQIKp8o4dr5goW3kYbeM/8mKyasMoRlI4sruHpmzFSQ
/RPo3xbOzvb6vw+VYJTiTee0TUxTbcXNBRiwHOU98XUOyj0LnwDpX4pInUQDzfPN
mWhUvFyQArgO68WZ8xjJ9Qz+1vvunlJdT6i5CD62KuzZ5GhVwe8BMKToEd2/zII=
=84zQ
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 30 Sep 2012 07:26:00 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:12:40 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.