News
- 2006-05-04: 0.98.6 Release Candidate to address Security issues
Three security issues have been reported recently in Quagga.
Two RIP issues were reported by Konstantin V. Gavrilenko of Arhont. The first RIP issue concerns an information leak through RIPv1, due to RIP version control not being applied fully. The second RIP issue concerns unauthenticated route injection via RIPv1 when RIPv2 authentication is enabled. Finally, bgpd is vulnerable to a DoS via the telnet interface, which could affect BGP route-servers and looking glasses.
The fixes are integrated, and the most recent CVS snapshots as of 20060504 should be considered Release Candidates, e.g. 0.98 20060504 and 0.99 20060504 or any later snapshot.
An overview of the 0.98 changes has been posted to the quagga-users list (HTML format with hyperlinks). While the various changes have all been tested, further testing of the 0.98 snapshot in this Release Candidate form would be greatly appreciated.
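As an added example (not Quagga's code), the following C function shows a receive-side check of the kind the two RIP issues concern: version control applied to requests as well as responses, and RIPv1 refused whenever authentication is required. The function, struct, enum and policy names are hypothetical, the sample datagrams are constructed, and the packet layout assumed is that of RFC 2453.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration; all names are hypothetical, not Quagga identifiers. */
enum { RIP_ACCEPT, RIP_DROP_MALFORMED, RIP_DROP_VERSION, RIP_DROP_UNAUTH };

struct rip_policy {
    unsigned recv_versions; /* bitmask: bit 0 = RIPv1, bit 1 = RIPv2 */
    int auth_required;      /* non-zero when RIPv2 authentication is on */
};
static const struct rip_policy v2_only = {2, 0}, both_auth = {3, 1};

/* Constructed sample datagrams (RFC 2453: 4-byte header, 20-byte entries). */
static const uint8_t v1_request[24]  = {1, 1, [23] = 16}; /* whole-table request */
static const uint8_t v1_response[24] = {2, 1, [5] = 2, [8] = 10, [23] = 1};
static const uint8_t v2_noauth[24]   = {2, 2, [5] = 2, [8] = 10, [12] = 255, [23] = 1};
static const uint8_t v2_auth[44]     = {2, 2, 0, 0, 0xFF, 0xFF, 0, 2, 's', 'e', 'c',
                                        [25] = 2, [28] = 10, [32] = 255, [43] = 1};

/* Decide whether a received RIP datagram may be processed at all. */
int rip_check_packet(const uint8_t *p, size_t len, const struct rip_policy *pol)
{
    if (len < 4 || (len - 4) % 20 != 0 || (p[0] != 1 && p[0] != 2))
        return RIP_DROP_MALFORMED;        /* only request(1) / response(2) */
    uint8_t ver = p[1];
    /* Version control covers requests too, so a disallowed version gets no reply. */
    if ((ver != 1 && ver != 2) || !(pol->recv_versions & (1u << (ver - 1))))
        return RIP_DROP_VERSION;
    if (pol->auth_required) {
        if (ver == 1)                     /* RIPv1 cannot carry authentication */
            return RIP_DROP_UNAUTH;
        if (len < 24 || p[4] != 0xFF || p[5] != 0xFF)
            return RIP_DROP_UNAUTH;       /* first entry must have AFI 0xFFFF */
        /* Verifying the password or digest is a separate step, not shown here. */
    }
    return RIP_ACCEPT;
}

int main(void)
{
    printf("v1 request, v2-only:   %d\n", rip_check_packet(v1_request, 24, &v2_only));
    printf("v1 response, auth on:  %d\n", rip_check_packet(v1_response, 24, &both_auth));
    printf("v2 no auth, auth on:   %d\n", rip_check_packet(v2_noauth, 24, &both_auth));
    printf("v2 with auth, auth on: %d\n", rip_check_packet(v2_auth, 44, &both_auth));
    return 0;
}
```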