Information on source package quagga

Available versions

ReleaseVersion
wheezy0.99.22.4-1+wheezy2
wheezy (security)0.99.22.4-1+wheezy3+deb7u1
jessie (security)0.99.23.1-1+deb8u3
stretch1.1.1-3
buster1.1.1-3
sid1.1.1-3

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-5495vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedAll versions of Quagga, 0.93 through 1.1.0, are vulnerable to an ...
CVE-2017-3224vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableOSPF implementation improperly determines LSA recency (VU#793496)

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2012-5521vulnerablevulnerablevulnerablevulnerablevulnerable

Resolved issues

BugDescription
CVE-2016-4049The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does ...
CVE-2016-4036The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux ...
CVE-2016-2342The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI ...
CVE-2016-1245It was discovered that the zebra daemon in Quagga before 1.0.20161017 ...
CVE-2013-6051The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not ...
CVE-2013-2236Stack-based buffer overflow in the new_msg_lsa_change_notify function ...
CVE-2013-0149The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 ...
CVE-2012-1820The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and ...
CVE-2012-0255The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...
CVE-2012-0250Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...
CVE-2012-0249Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...
CVE-2011-3327Heap-based buffer overflow in the ecommunity_ecom2str function in ...
CVE-2011-3326The ospf_flood function in ospf_flood.c in ospfd in Quagga before ...
CVE-2011-3325ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote ...
CVE-2011-3324The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 ...
CVE-2011-3323The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows ...
CVE-2010-2949bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...
CVE-2010-2948Stack-based buffer overflow in the bgp_route_refresh_receive function ...
CVE-2010-1675bgpd in Quagga before 0.99.18 allows remote attackers to cause a ...
CVE-2010-1674The extended-community parser in bgpd in Quagga before 0.99.18 allows ...
CVE-2009-1572The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote ...
CVE-2007-4826bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...
CVE-2007-1995bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...
CVE-2006-2276bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...
CVE-2006-2224RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...
CVE-2006-2223RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...
CVE-2003-0858Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...
CVE-2003-0795The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...

Security announcements

DSA / DLADescription
DSA-3695-1quagga - security update
DLA-662-1quagga - security update
DSA-3654-1quagga - security update
DLA-601-1quagga - security update
DSA-3532-1quagga - security update
DSA-3532-1quagga - security update
DSA-2803-1quagga - several
DSA-2803-1quagga - several
DSA-2497-1quagga - denial of service
DSA-2459-2quagga - regression
DSA-2459-1quagga - several
DSA-2316-1quagga - several
DSA-2316-1quagga - several
DSA-2197-1quagga - denial of service
DSA-2197-1quagga - denial of service
DSA-2104-1quagga - denial of service
DSA-1788-1quagga - denial of service
DSA-1382-1quagga
DSA-1382-1quagga
DSA-1293-1quagga
DSA-1293-1quagga
DSA-1059-1quagga - several

Search for package or bug name: Reporting problems