Information on source package quagga

Available versions

ReleaseVersion
jessie0.99.23.1-1+deb8u5
stretch1.1.1-3+deb9u2
buster1.2.4-3

Open issues

BugjessiestretchbusterDescription
CVE-2021-44038vulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...
CVE-2017-5495vulnerable (no DSA)fixedfixedAll versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbou ...
CVE-2017-3224vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)Open Shortest Path First (OSPF) protocol implementations may improperl ...

Open unimportant issues

BugjessiestretchbusterDescription
CVE-2012-5521vulnerablevulnerablevulnerablequagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...

Resolved issues

BugDescription
CVE-2018-5381The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its p ...
CVE-2018-5380The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun intern ...
CVE-2018-5379The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free me ...
CVE-2018-5378The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly ...
CVE-2017-16227The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 al ...
CVE-2016-4049The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does no ...
CVE-2016-4036The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Ent ...
CVE-2016-2342The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI p ...
CVE-2016-1245It was discovered that the zebra daemon in Quagga before 1.0.20161017 ...
CVE-2013-6051The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not ...
CVE-2013-2236Stack-based buffer overflow in the new_msg_lsa_change_notify function ...
CVE-2013-0149The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 throug ...
CVE-2012-1820The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlie ...
CVE-2012-0255The BGP implementation in bgpd in Quagga before 0.99.20.1 does not pro ...
CVE-2012-0250Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...
CVE-2012-0249Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...
CVE-2011-3327Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ ...
CVE-2011-3326The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99 ...
CVE-2011-3325ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attacker ...
CVE-2011-3324The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 impleme ...
CVE-2011-3323The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows re ...
CVE-2010-2949bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...
CVE-2010-2948Stack-based buffer overflow in the bgp_route_refresh_receive function ...
CVE-2010-1675bgpd in Quagga before 0.99.18 allows remote attackers to cause a denia ...
CVE-2010-1674The extended-community parser in bgpd in Quagga before 0.99.18 allows ...
CVE-2009-1572The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote atta ...
CVE-2007-4826bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...
CVE-2007-1995bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...
CVE-2006-2276bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cau ...
CVE-2006-2224RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...
CVE-2006-2223RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly impleme ...
CVE-2003-0858Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...
CVE-2003-0795The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, do ...

Security announcements

DSA / DLADescription
DLA-1286-1quagga - security update
DSA-4115-1quagga - security update
DLA-1152-1quagga - security update
DSA-4011-1quagga - security update
DSA-3695-1quagga - security update
DLA-662-1quagga - security update
DSA-3654-1quagga - security update
DLA-601-1quagga - security update
DSA-3532-1quagga - security update
DSA-2803-1quagga - several
DSA-2497-1quagga - denial of service
DSA-2459-2quagga - regression
DSA-2459-1quagga - several
DSA-2316-1quagga - several
DSA-2197-1quagga - denial of service
DSA-2104-1quagga - denial of service
DSA-1788-1quagga - denial of service
DSA-1382-1quagga
DSA-1293-1quagga
DSA-1059-1quagga - several

Search for package or bug name: Reporting problems