Sicherheit: Zwei Probleme in quagga

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4896429187244563484==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA
Content-Type: multipart/mixed;
boundary="EnQ1T3cimtqN7XeXHqIjB63t6XmPgJExD"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <1b5fd4c4-9b7c-1a4c-ebfc-b43b3b1adc47@canonical.com>
Subject: [USN-3102-1] Quagga vulnerabilities

--EnQ1T3cimtqN7XeXHqIjB63t6XmPgJExD
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3102-1
October 13, 2016

quagga vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Quagga.

Software Description:
- quagga: BGP/OSPF/RIP routing daemon

Details:

It was discovered that Quagga incorrectly handled dumping data. A remote
attacker could possibly use a large BGP packet to cause Quagga to crash,
resulting in a denial of service. (CVE-2016-4049)

It was discovered that the Quagga package incorrectly set permissions on
the configuration directory. A local user could use this issue to possibly
obtain sensitive information. (CVE-2016-4036)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
quagga 0.99.24.1-2ubuntu1.1

Ubuntu 14.04 LTS:
quagga 0.99.22.4-3ubuntu1.2

Ubuntu 12.04 LTS:
quagga 0.99.20.1-0ubuntu0.12.04.5

After a standard system update you need to restart Quagga to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-3102-1
CVE-2016-4036, CVE-2016-4049

Package Information:
https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.1
https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.2
https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.5

--EnQ1T3cimtqN7XeXHqIjB63t6XmPgJExD--

--x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJX/4WfAAoJEGVp2FWnRL6TXDoP/0o4QbuvDwu7hj7xPTjstGo9
4A1HEm0gmnEoCeDGdJwQRmWFIwHPj1ifnjsxPPO2mVLSp/ek99xDtaYDibcv+Izk
qdqJR8VF86YAraMnj1uHQvFHyeFJ626G0exPpNpblZQl8ns6yhnxpE/bvZw3r0tq
F9WZvk7qRPWH6r7CFzURmIVEnp0gA65eawwpDo2nHazAfMTkLEzA3Q6uW4KhkiUQ
bOt8213PMb7Jx3/TtNj8rq4nWkqzxiE/4Zt64zUjWTmufke6QZAAXEBSVQxRErXj
6BlqS3Ftax+xLVMfCF+K07qKj3j1xqX0uD+PPq6l4Z7T37u3WdEpmNJZEwsOA2bw
0tnnylciRAuGRK9putVeC+saYPFKW4+yZal+thLK9X3AYozdsJgzf0UsxDSxhVR8
MPfqmXSG5ThYnvynhJ+jwQLVFdf3uz2KPQiSAfOJD36W2noYjlX/UEkd1g03NUc8
sAclxvBU4qNu1oOmyBv+UaT77nmSnPtkz5Ppw0br/JRCI+1uRqh1SoJ3wfAtHT2N
h6srWnm+8EX4DAPGCQuw3R113oaONEQFGq6FLB/kQLTgD5zWwoPURAm+oghAoUIJ
7B1vwWbZGUeFybpK7umQHcVSj6ZJ+d5RZDYaSq2XQr9MBmooaw2FkuyDiKpb+ykx
3Lo088fn1tqZxePNu2PJ
=itkL
-----END PGP SIGNATURE-----

--x1bIMMuGTSSRltUwLXXO2j7VKhDVEQNFA--

--===============4896429187244563484==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4896429187244563484==--