[USN-512-1] Quagga vulnerability
Date: Fri, 14 Sep 2007 22:23:02 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-512-1] Quagga vulnerability
Message-ID: <20070915052302.GN10503@outflux.net.>
Organization: Ubuntu
===========================================================
Ubuntu Security Notice USN-512-1 September 15, 2007
quagga vulnerability
CVE-2007-4826
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
quagga 0.99.2-1ubuntu3.3
Ubuntu 6.10:
quagga 0.99.4-4ubuntu1.2
Ubuntu 7.04:
quagga 0.99.6-2ubuntu3.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Quagga did not correctly verify OPEN messages or
COMMUNITY attributes sent from configured peers. Malicious authenticated
remote peers could send a specially crafted message which would cause
bgpd to abort, leading to a denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.diff.gz
Size/MD5: 32441 ef8dcb8af8a4e80bcfae7884c91246b2
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.dsc
Size/MD5: 762 d875c1da312abaea58e947b01070fea2
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
Size/MD5: 2185137 88087d90697fcf5fe192352634f340b3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.3_all.deb
Size/MD5: 663874 2a18dc0f553a8a31aa2ad1360c0da70a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_amd64.deb
Size/MD5: 1403902 610bf123e260707c984d573f42e3573e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_i386.deb
Size/MD5: 1198834 2bb7a83b7dee840274eb7769da1f8756
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_powerpc.deb
Size/MD5: 1351532 44e25c1bdcef2a6500e85b64eb4bc36d
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_sparc.deb
Size/MD5: 1322538 28b109e575361eff2e7bb0a2b71867db
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.diff.gz
Size/MD5: 30580 c402481e9a5dd976cf7720ed216a8dc7
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.dsc
Size/MD5: 762 652e0e34a27a903f7cba1cb42efe0185
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz
Size/MD5: 2207774 a75d3f5ed0b3354274c28d195e3f6479
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.2_all.deb
Size/MD5: 706508 d0e90a9178942c8a39466c0a9e7a4707
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_amd64.deb
Size/MD5: 1409522 257b1917e4ce3b91c085ec3275a05cf5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_i386.deb
Size/MD5: 1244688 29adb0d2304ce55a4fc30fed6b66b613
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_powerpc.deb
Size/MD5: 1375626 9be3046d709b339581375a30227178a9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_sparc.deb
Size/MD5: 1342646 a621e675ba2c8aa01d989a8b0643075c
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.diff.gz
Size/MD5: 48850 928858025b77e889a6f50ec690e086cb
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.dsc
Size/MD5: 861 0034ab0361b133fb43c2541be3255628
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz
Size/MD5: 2324051 78137ecaa66ff4c3780bd05f60e51cf5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.2_all.deb
Size/MD5: 720818 750d2e8759af8e86bf0df4ef165fd438
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_amd64.deb
Size/MD5: 1477058 ea80dadac30ad0f541f723e9eec97c1d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_i386.deb
Size/MD5: 1309870 52f63d60039441322967da87fe519b2e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_powerpc.deb
Size/MD5: 1485474 0ab78f1ff062e7d059492251e6f56715
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_sparc.deb
Size/MD5: 1417054 54948b2e997ecffd4647bb244fa5fa84