drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in quagga
Name: |
Zwei Probleme in quagga |
|
ID: |
USN-3102-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Do, 13. Oktober 2016, 15:13 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4049 |
|
Applikationen: |
quagga |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4896429187244563484== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA Content-Type: multipart/mixed; boundary="EnQ1T3cimtqN7XeXHqIjB63t6XmPgJExD" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <1b5fd4c4-9b7c-1a4c-ebfc-b43b3b1adc47@canonical.com> Subject: [USN-3102-1] Quagga vulnerabilities
--EnQ1T3cimtqN7XeXHqIjB63t6XmPgJExD Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3102-1 October 13, 2016
quagga vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Quagga.
Software Description: - quagga: BGP/OSPF/RIP routing daemon
Details:
It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. (CVE-2016-4049)
It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information. (CVE-2016-4036)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.1
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.2
Ubuntu 12.04 LTS: quagga 0.99.20.1-0ubuntu0.12.04.5
After a standard system update you need to restart Quagga to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3102-1 CVE-2016-4036, CVE-2016-4049
Package Information: https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.1 https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.2 https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.5
--EnQ1T3cimtqN7XeXHqIjB63t6XmPgJExD--
--x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJX/4WfAAoJEGVp2FWnRL6TXDoP/0o4QbuvDwu7hj7xPTjstGo9 4A1HEm0gmnEoCeDGdJwQRmWFIwHPj1ifnjsxPPO2mVLSp/ek99xDtaYDibcv+Izk qdqJR8VF86YAraMnj1uHQvFHyeFJ626G0exPpNpblZQl8ns6yhnxpE/bvZw3r0tq F9WZvk7qRPWH6r7CFzURmIVEnp0gA65eawwpDo2nHazAfMTkLEzA3Q6uW4KhkiUQ bOt8213PMb7Jx3/TtNj8rq4nWkqzxiE/4Zt64zUjWTmufke6QZAAXEBSVQxRErXj 6BlqS3Ftax+xLVMfCF+K07qKj3j1xqX0uD+PPq6l4Z7T37u3WdEpmNJZEwsOA2bw 0tnnylciRAuGRK9putVeC+saYPFKW4+yZal+thLK9X3AYozdsJgzf0UsxDSxhVR8 MPfqmXSG5ThYnvynhJ+jwQLVFdf3uz2KPQiSAfOJD36W2noYjlX/UEkd1g03NUc8 sAclxvBU4qNu1oOmyBv+UaT77nmSnPtkz5Ppw0br/JRCI+1uRqh1SoJ3wfAtHT2N h6srWnm+8EX4DAPGCQuw3R113oaONEQFGq6FLB/kQLTgD5zWwoPURAm+oghAoUIJ 7B1vwWbZGUeFybpK7umQHcVSj6ZJ+d5RZDYaSq2XQr9MBmooaw2FkuyDiKpb+ykx 3Lo088fn1tqZxePNu2PJ =itkL -----END PGP SIGNATURE-----
--x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA--
--===============4896429187244563484== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4896429187244563484==--
|
|
|
|