CERT have published their Vulnerability Report for the VPNv4 security
issue:
https://www.kb.cert.org/vuls/id/270232
regards,
Paul
On Thu, 10 Mar 2016, Donald Sharp wrote:
Quagga 1.0.20160309 has been released.
This release addresses Security Vulnerability VU #270232.
Users using VPNv4 to untrusted peers and zebra that have
untrusted clients talking to it are advised to upgrade to
this release.
This release is up on Savannah or download at:
http://download.savannah.gnu.org/releases/quagga
http://download.savannah.gnu.org/releases/quagga/quagga-1.0.20160309.tar.gz
http://download.savannah.gnu.org/releases/quagga/quagga-1.0.20160309.tar.xz
http://download.savannah.gnu.org/releases/quagga/quagga-1.0.20160309.tar.asc
If you encounter a “404” error, Savannah mirrors are probably
still synchronizing the files, please give it another day.
Major user-visible changes:
[quagga] - Namespace VRF Support has been added.
[lib] - Add 'show commandtree'
[bgpd] - vpnv4 and vpnv6 handling has been included.
[bgpd] - Add 'set metric (rtt|+rtt|-rtt)' to route map handling.
[bgpd] - Addition of 'show ip bgp dampening' command tree.
[bgpd] - If route-map does not exist default to DENY for redistribute
statements
[bgpd] - Lower default 'timers connect' in BGP to 10 seconds.
[bgpd] - Enable "bgp log-neighbor-changes" by default
[bgpd] - Add support for timer commands with peer-group syntax
[bgpd] - Extend Dump to allow Extended Time Format
[babeld] - Removed from the distribution.
[isisd] - Allow the adjustment of lsp-mtu
[isisd] - Allow the import of routes from other protocols
[ospfd] - Add per interface 'ip ospf area' command
[ospfd] - Lower the default OSPF spf timers to '0 50 5000'
[ripngd] - Add ECMP support
[pimd] - Add multicast static routes.
[pimd] - Add ability to set DR priority for an interface
[pimd] - Add ability to modify hello and hold timers per interface
[vtysh] - Add 'show thread cpu ..' and 'show work-queues'
[vtysh] - Add 'show run <protocol>' command
[vtysh] - Fix history handling
[solaris] - Fix compilation issues.
Distributor-visible changes:
--enable-opaque-lsa is removed. This is considered industry
default and there should be no need to specify at compile time
to include this feature
--enable-ospf-te is removed. This is considered industry
default and there should be no need to specify at compile time
to include this feature
--enable-pimd is default. This will allow compile time issues
to be caught before they become a problem
--enable-vtysh is default. This will allow compile time issues
to be caught before they become a problem
--enable-werror has been added. If turned on, compilation will
turn all warnings into errors
--enable-babeld has been removed. The babel daemon has been
removed from Quagga distribution.
Thanks!
donald
--
Paul Jakma [email protected] @pjakma Key ID: 64A2FF6A
Fortune:
Big book, big bore.
-- Callimachus_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
