Bug 822572 (CVE-2013-0149) - VUL-0: CVE-2013-0149: quagga: specially-crafted OSPF packets cause the routing table to be erased
Summary: VUL-0: CVE-2013-0149: quagga: specially-crafted OSPF packets cause the routin...
Status: RESOLVED FIXED
Alias: CVE-2013-0149
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2014-07-04
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp1:54117 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-31 08:20 UTC by Matthias Weckbecker
Modified: 2014-07-09 10:32 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Swamp Workflow Management 2013-05-31 22:00:20 UTC 
bugbot adjusting priority
Comment 4 Matthias Weckbecker 2013-08-02 11:11:57 UTC 
public
Comment 6 Bo Yang 2013-08-19 04:11:52 UTC 
patch submitted to SUSE:SLE-9-SP3:Update:Teradata:Test,
SUSE:SLE-10-SP3:Update:Test, SUSE:SLE-11-SP1:Update:Test.

reassign to maintenance team.
Comment 8 Swamp Workflow Management 2013-08-19 08:27:14 UTC 
The SWAMPID for this issue is 54111.
This issue was rated as moderate.
Please submit fixed packages until 2013-09-02.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 9 Swamp Workflow Management 2013-09-19 11:04:35 UTC 
Update released for: quagga
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 10 Swamp Workflow Management 2013-09-19 11:05:19 UTC 
Update released for: quagga, quagga-debuginfo, quagga-debugsource, quagga-devel
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 11 Swamp Workflow Management 2013-09-19 12:52:00 UTC 
Update released for: quagga, quagga-debuginfo, quagga-debugsource, quagga-devel
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 12 Swamp Workflow Management 2013-09-19 13:01:40 UTC 
Update released for: quagga, quagga-debuginfo, quagga-debugsource, quagga-devel
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 13 Swamp Workflow Management 2013-09-19 13:04:25 UTC 
Update released for: quagga, quagga-debuginfo, quagga-devel
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 14 Marcus Meissner 2013-10-25 13:06:02 UTC 
released
Comment 15 Swamp Workflow Management 2014-06-20 13:11:10 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-07-04.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57975
Comment 16 Swamp Workflow Management 2014-07-08 19:47:51 UTC 
Update released for: quagga, quagga-debuginfo, quagga-devel
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 17 Swamp Workflow Management 2014-07-08 19:50:32 UTC 
Update released for: quagga, quagga-debuginfo, quagga-devel
Products:
SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64)
SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Comment 18 Swamp Workflow Management 2014-07-08 20:45:22 UTC 
Update released for: quagga, quagga-debuginfo, quagga-debugsource, quagga-devel
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Comment 19 Swamp Workflow Management 2014-07-09 00:04:33 UTC 
SUSE-SU-2014:0879-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 822572,828117
CVE References: CVE-2013-0149,CVE-2013-2236
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    quagga-0.99.15-0.14.11
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    quagga-0.99.9-14.17.12
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    quagga-0.99.9-14.17.12