Hi,

I have prepared an NMU fixing CVE-2017-16227 in unstable.

Scott, can you take a look? If you want, you can also upload the
changes under your name, that's fine with me.

Without an answer in the next few days, I'll upload it to the DELAYED queue
to avoid the removal.

You can find a debdiff attached.

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA
diff -Nru quagga-1.1.1/debian/changelog quagga-1.1.1/debian/changelog
--- quagga-1.1.1/debian/changelog       2017-04-05 13:41:14.000000000 +0200
+++ quagga-1.1.1/debian/changelog       2017-11-02 11:55:28.000000000 +0100
@@ -1,3 +1,11 @@
+quagga (1.1.1-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * SECURITY: CVE-2017-16227: BGP session termination due to rather
+    long AS paths in update messages (Closes: #879474).
+
+ -- Hugo Lefeuvre <h...@debian.org>  Thu, 02 Nov 2017 11:55:28 +0100
+
 quagga (1.1.1-3) unstable; urgency=medium
 
   * Fix upgrade file conflict with old quagga packages (Closes: #859581).
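Review bot: The new entry for 1.1.1-3.1 records only the symptom ("rather long AS paths") and does not name the file it adds, so someone reading the changelog later cannot tell which patch carries the fix. Suggest wording along the lines of "Add CVE-2017-16227.patch: fix AS_PATH size calculation for paths longer than AS_SEGMENT_MAX", keeping the existing Closes: #879474.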
diff -Nru quagga-1.1.1/debian/patches/CVE-2017-16227.patch 
quagga-1.1.1/debian/patches/CVE-2017-16227.patch
--- quagga-1.1.1/debian/patches/CVE-2017-16227.patch    1970-01-01 
01:00:00.000000000 +0100
+++ quagga-1.1.1/debian/patches/CVE-2017-16227.patch    2017-11-02 
11:55:28.000000000 +0100
@@ -0,0 +1,19 @@
+From: Andreas Jaggi <a...@open.ch>
+Subject: bgpd: Fix AS_PATH size calculation for long paths
+ If you have an AS_PATH with more entries than what can be written into a
+ single AS_SEGMENT_MAX it needs to be broken up. The code that noticed
+ that the AS_PATH needs to be broken up was not correctly calculating the
+ size of the resulting message. This patch addresses this issue.
+Origin: upstream, 
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
+Bug-Debian: http://bugs.debian.org/879474
+--- a/bgpd/bgp_aspath.c        2017-11-02 11:59:02.930664438 +0100
++++ b/bgpd/bgp_aspath.c        2017-11-02 11:59:02.930664438 +0100
+@@ -903,7 +903,7 @@
+               assegment_header_put (s, seg->type, AS_SEGMENT_MAX);
+               assegment_data_put (s, seg->as, AS_SEGMENT_MAX, use32bit);
+               written += AS_SEGMENT_MAX;
+-              bytes += ASSEGMENT_SIZE (written, use32bit);
++              bytes += ASSEGMENT_SIZE (AS_SEGMENT_MAX, use32bit);
+             }
+           
+           /* write the final segment, probably is also the first */
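Review bot: The context ends at the "write the final segment" comment, so the length accounting for the last segment is not visible here and should be checked against the upstream commit named in Origin. The changed line shows why: `written` is a running total (it is incremented by `written += AS_SEGMENT_MAX` just above), so using it as a per-segment count in ASSEGMENT_SIZE overstates `bytes`, and the same confusion in the final-segment code would leave the attribute length wrong even with this line corrected. On the header, Bug-Debian could use the https:// form of the URL, as the Origin field already does.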
diff -Nru quagga-1.1.1/debian/patches/series quagga-1.1.1/debian/patches/series
--- quagga-1.1.1/debian/patches/series  2017-04-05 13:41:14.000000000 +0200
+++ quagga-1.1.1/debian/patches/series  2017-11-02 11:55:28.000000000 +0100
@@ -5,3 +5,4 @@
 0005-Fix-manpage-number-for-ospfclient.patch
 0007-Patch-.service-files-for-Debian.patch
 0008-Add-correct-QUAGGA_VERSION-to-manpages.patch
+CVE-2017-16227.patch
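Review bot: The added entry CVE-2017-16227.patch does not follow the numbered NNNN-Description.patch naming of the three entries above it. If those names come from an exported patch queue, the new file may be renamed on the next export; for an NMU this is acceptable, but it is worth mentioning to the maintainer so the name stays stable in later uploads.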
