Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
password has been enabled and a remote attacker can connect to the Zebra
telnet management port. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0795 to this issue.
from http://rhn.redhat.com/errata/RHSA-2003-307.html
Bump package name.
ok itojun@ margarida@
* Changes in zebra-0.92a
* Changes in bgpd
** Fix "^$" community list bug.
** Below command's Address Family specific configurations are added
nexthop-self
route-reflector-client
route-server-client
soft-reconfiguration inbound
* Changes in zebra
** Treat kernel type routes as EGP routes.
OpenBSD port changes:
FLAVOR=snmp now works
vtysh now works
Also, OpenBD specific fixes not listed below include a patch to correctly
get all interfaces from the kernel.
Changelog from e-mail:
* Changes in zebra-0.92
** Overall security is improved. Default umask is 0077.
* Changes in ripd
** If output interface is in simple password authentication mode,
substruct one from rtemax.
* Changes in bgpd
** IPv4 multicast and IPv6 unicast configuration is changed to so
called new config. All of AFI and SAFI specific configuration is
moved to "address-family" node. When you have many IPv6 only
configuration, you will see many "no neighbor X:X::X:X activate" line
in your configuration to disable IPv4 unicast NLRI exchange. In that
case please use "no bgp default ipv4-unicast" command to suppress the
output. Until zebra-0.93, old config is still left for compatibility.
Old config
==========
router bgp 7675
bgp router-id 10.0.0.1
redistribute connected
network 192.168.0.0/24
neighbor 10.0.0.2 remote-as 7675
ipv6 bgp network 3ffe:506::/33
ipv6 bgp network 3ffe:1800:e800::/40
ipv6 bgp aggregate-address 3ffe:506::/32
ipv6 bgp redistribute connected
ipv6 bgp neighbor 3ffe:506:1000::2 remote-as 1
New config
==========
router bgp 7675
bgp router-id 10.0.0.1
network 192.168.0.0/24
redistribute connected
neighbor 10.0.0.2 remote-as 7675
neighbor 3ffe:506:1000::2 remote-as 1
no neighbor 3ffe:506:1000::2 activate
!
address-family ipv6
network 3ffe:506::/33
network 3ffe:1800:e800::/40
aggregate-address 3ffe:506::/32
redistribute connected
neighbor 3ffe:506:1000::2 activate
exit-address-family
* Changes in ospfd
** Internal interface treatment is changed. Now ospfd can handle
multiple IP address for an interface.
** Redistribution of loopback interface's address works fine.
