A security issue fixed upstream in quagga has been announced: http://openwall.com/lists/oss-security/2017/10/30/4 The commit that fixed the issue is linked in the message above. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for quagga.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
CC: (none) => jackal.jAssignee: pkg-bugs => jackal.j
Debian has issued an advisory for this on October 30: https://www.debian.org/security/2017/dsa-4011
I have submitted the latest version 1.2.2 to cauldron, which contains the patch. Will submit the patch for mga5 and mga6 later.
All submissions done Assigning it to QA. Suggested Advisory: ============================== Updated quagga packages to resolve security vulnerabilities: The bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity (CVE-2017-16227). References: ==================== http://openwall.com/lists/oss-security/2017/10/30/4 https://www.debian.org/security/2017/dsa-4011 https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008 Updated packages in core/updates_testing: -------------------------------------------------- RPMS: quagga quagga-contrib lib(64)quagga0 lib(64)quagga-devel SRPMs: quagga.src.rpm For Mageia 5 the version-release is 0.99.22.4-4.5 For Mageia 6 the version-release is 0.99.24.1-6.1 For Cauldron the version-release is 1.2.2-1
Assignee: jackal.j => qa-bugs
Version: Cauldron => 6Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Keywords: (none) => advisory
MGA5-32 on Asus A6000VM Xfce No installation issues Followed bug 20271 Comment 1, but problems # systemctl start zebra # systemctl start bgpd.service # systemctl start ospfd # systemctl start ripd # systemctl start isisd # systemctl start ripngd # watchquagga zebra bgpd ospfd ospf6d ripd isisd ripngd 2017/11/07 16:19:40 NONE: watchquagga 0.99.22.4 watching [zebra bgpd ospfd ospf6d ripd isisd ripngd], mode [monitor] 2017/11/07 16:19:40 NONE: bgpd state -> down : initial connection attempt failed 2017/11/07 16:19:40 NONE: ripngd state -> down : initial connection attempt failed 2017/11/07 16:19:41 NONE: ospfd state -> down : initial connection attempt failed 2017/11/07 16:19:41 NONE: ospf6d state -> down : initial connection attempt failed 2017/11/07 16:19:41 NONE: zebra state -> up : connect succeeded 2017/11/07 16:19:41 NONE: ripd state -> down : initial connection attempt failed 2017/11/07 16:19:41 NONE: isisd state -> down : initial connection attempt failed and subsequently # systemctl start ospf6d did not produce any quagga output and # netstat -tapnl | grep ':26' tcp 0 0 0.0.0.0:2601 0.0.0.0:* LISTEN 9298/zebra tcp6 0 0 :::2601 :::* LISTEN 9298/zebra Found then in bug 20271 Comment 2 that editing is needed in /etc/quagga conf files. Found only zebra.conf (just my hostname in it) and vtysh.conf (empty), for all the others just the sample files. I will need some time to study this, but not right now.
CC: (none) => herman.viaene
Found tutorial on https://openmaniak.com/quagga_tutorial.php First snag: there is /etc/quagga/daemons file in the installation.
Had another llok at the tutorial, but apparently it is not in line anymore with the current package.It installs cleanly, so OK enough
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
In VirtualBox, M5.1, KDE, 64-bit Package(s) under test: quagga lib64quagga0 default install of quagga & lib64quagga0 [root@localhost wilcal]# urpmi quagga Package quagga-0.99.22.4-4.4.mga5.x86_64 is already [root@localhost wilcal]# urpmi lib64quagga0 Package lib64quagga0-0.99.22.4-4.4.mga5.x86_64 is already installed No errors on install install quagga & lib64quagga0 from updates_testing [root@localhost wilcal]# urpmi quagga Package quagga-0.99.22.4-4.5.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64quagga0 Package lib64quagga0-0.99.22.4-4.5.mga5.x86_64 is already installed No errors on update
CC: (none) => wilcal.int
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA5-64-OK
In VirtualBox, M6, Plasma, 32-bit Package(s) under test: quagga libquagga0 default install of quagga & libquagga0 [root@localhost wilcal]# urpmi quagga Package quagga-0.99.24.1-6.mga6.i586 is already installed [root@localhost wilcal]# urpmi libquagga0 Package libquagga0-0.99.24.1-6.mga6.i586 is already installed No errors on install install quagga & libquagga0 from updates_testing [root@localhost wilcal]# urpmi quagga Package quagga-0.99.24.1-6.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi libquagga0 Package libquagga0-0.99.24.1-6.1.mga6.i586 is already installed No errors on update
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK
In VirtualBox, M6, Plasma, 64-bit Package(s) under test: quagga lib64quagga0 default install of quagga & lib64quagga0 [root@localhost wilcal]# urpmi quagga Package quagga-0.99.24.1-6.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64quagga0 Package lib64quagga0-0.99.24.1-6.mga6.x86_64 is already installed No errors on install install quagga & lib64quagga0 from updates_testing [root@localhost wilcal]# urpmi quagga Package quagga-0.99.24.1-6.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64quagga0 Package lib64quagga0-0.99.24.1-6.1.mga6.x86_64 is already installed No errors on update
We've tested this as best we can Testing complete for MGA5 & MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
CC: (none) => sysadmin-bugsWhiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-32-OKKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0416.html
Status: NEW => RESOLVEDResolution: (none) => FIXED