[Buildroot] [PATCH] quagga: add upstream security fixes

Peter Korsgaard peter at korsgaard.com
Tue Apr 10 20:47:22 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2018-5378

 >     It was discovered that the Quagga BGP daemon, bgpd, does not
 >     properly bounds check data sent with a NOTIFY to a peer, if an
 >     attribute length is invalid. A configured BGP peer can take
 >     advantage of this bug to read memory from the bgpd process or cause
 >     a denial of service (daemon crash).

 >     https://www.quagga.net/security/Quagga-2018-0543.txt

 > CVE-2018-5379

 >     It was discovered that the Quagga BGP daemon, bgpd, can double-free
 >     memory when processing certain forms of UPDATE message, containing
 >     cluster-list and/or unknown attributes, resulting in a denial of
 >     service (bgpd daemon crash).

 >     https://www.quagga.net/security/Quagga-2018-1114.txt

 > CVE-2018-5380

 >     It was discovered that the Quagga BGP daemon, bgpd, does not
 >     properly handle internal BGP code-to-string conversion tables.

 >     https://www.quagga.net/security/Quagga-2018-1550.txt

 > CVE-2018-5381

 >     It was discovered that the Quagga BGP daemon, bgpd, can enter an
 >     infinite loop if sent an invalid OPEN message by a configured peer.
 >     A configured peer can take advantage of this flaw to cause a denial
 >     of service (bgpd daemon not responding to any other events; BGP
 >     sessions will drop and not be reestablished; unresponsive CLI
 >     interface).

 >     https://www.quagga.net/security/Quagga-2018-1975.txt

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

