|
|
Log in / Subscribe / Register

Debian-LTS alert DLA-662-1 (quagga)



From:
    	      Chris Lamb <lamby@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 662-1] quagga security update 


Date:
    	      Tue, 18 Oct 2016 13:11:41 +0100


Message-ID:
    	      <1476792701.725830.759547097.39B625E2@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : quagga
Version        : 0.99.22.4-1+wheezy3+deb7u1
CVE ID         : CVE-2016-1245
Debian Bug     : 841162

It was discovered that there was stack overrun in IPv6 RA receive code in
quagga, a BGP/OSPF/RIP routing daemon.

The buffer size specified when receiving mixed up two constants that have
different values.

For Debian 7 "Wheezy", this issue has been fixed in quagga version
0.99.22.4-1+wheezy3+deb7u1.

We recommend that you upgrade your quagga packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYBhFxAAoJEB6VPifUMR5YOpIP/175M0cSbS9m6VNzvRmmPbzP
eqfV4e1rFSkTATpdh8dw5UOjzSa8PG8EROpiL1DUxXQRvQ+vh/eEpBcYULOChzDo
bsQSIsV/Is6DiKVGezAVQn4O1Oqwwzm3u/YmzQnQlKZJh/7cscjL75cQnP+q0cdj
uy+fC2J4xoe3tUy2Bl9o8L+nM/V3OCDHNRjQFeT/7u6SfMix0bzMaINSNsbdb7kS
VM+PanwO3y6fsSVUFdf0cA/gdd8eEz/0o/9MKMkyTWQdU5mh6j76w9UTQiEpSqy+
14W4rx9MtdH8An3qy8iLmnQhVxrCbsJ1pFQnipkXfBawgPcgjB8Gw9hZ4Pn2BrtN
haUW0o+yNvKcVk59h12Lz3FkXvR9QIsGaWVJD+mM/2+s/SlOmmp/Iv+q6FgnoytM
XF5tj1eTHQhxJA/xz4T5poqYl3nL4mm5B0Tcsewl4oaTLHHgkDQiyDjHIxhi3AoL
5pjCqe7POrW4cADa7XNqNr5F5mDr6kLlnldEt2YGLkf+xACMhNkArl6wDy2XX2Is
b+J11In1Yh5nhgvwEl6ead9HUe3pNHcNY8isVZgVdKvj6+4s/TvdZp+PL/xDixEu
VjsvdquF63DCo2WhnhQcR658yP+Dd3Xal8VdioGnIwru/pIdQQRMZPPUromKHtI0
VVC/1leGkYvP63mR3L9V
=lKjc
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds