drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in quagga
Name: |
Zwei Probleme in quagga |
|
ID: |
DSA-2104-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian lenny |
|
Datum: |
Di, 7. September 2010, 07:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949 |
|
Applikationen: |
quagga |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2104-1 security@debian.org http://www.debian.org/security/ Florian Weimer September 06, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package : quagga Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-2948 CVE-2010-2949 Debian Bug : 594262
Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2948 When processing a crafted Route Refresh message received from a configured, authenticated BGP neighbor, Quagga may crash, leading to a denial of service.
CVE-2010-2949 When processing certain crafted AS paths, Quagga would crash with a NULL pointer dereference, leading to a denial of service. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers.
In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them. (Previously, such AS paths would trigger resets of unrelated BGP sessions.)
For the stable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny3.
For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 0.99.17-1.
We recommend that you upgrade your quagga package.
Upgrade instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny - --------------------------------
Source archives:
quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 quagga_0.99.10-1lenny3.diff.gz Size/MD5 checksum: 42826 100dbb936b3b0f0d4fb4947bf384d369 quagga_0.99.10-1lenny3.dsc Size/MD5 checksum: 1651 f5b9c26538e9d32008ad0256fe4ad0ed
Architecture independent packages:
quagga-doc_0.99.10-1lenny3_all.deb Size/MD5 checksum: 661354 f843c6f765a48f7e071a52d3c7834d2f
alpha architecture (DEC Alpha)
quagga_0.99.10-1lenny3_alpha.deb Size/MD5 checksum: 1902990 0f85c30d5f719f9c104f5a8977a5d1a0
amd64 architecture (AMD x86_64 (AMD64))
quagga_0.99.10-1lenny3_amd64.deb Size/MD5 checksum: 1749952 89a53689c4daf3f0695ea2c21aa93254
arm architecture (ARM)
quagga_0.99.10-1lenny3_arm.deb Size/MD5 checksum: 1449792 3c53e06e4d27ef8cf391533824668b19
armel architecture (ARM EABI)
quagga_0.99.10-1lenny3_armel.deb Size/MD5 checksum: 1457202 e52ae364e20ff137c5e0e5f75bfc1ec1
hppa architecture (HP PA RISC)
quagga_0.99.10-1lenny3_hppa.deb Size/MD5 checksum: 1683924 c8172ed22b010569949977f407c282b6
i386 architecture (Intel ia32)
quagga_0.99.10-1lenny3_i386.deb Size/MD5 checksum: 1608678 e7b5fbd36e4466cdecaca46f1f96642b
ia64 architecture (Intel ia64)
quagga_0.99.10-1lenny3_ia64.deb Size/MD5 checksum: 2256144 75ebe4e12a3e22ef79e5e3dab2d457bf
mips architecture (MIPS (Big Endian))
quagga_0.99.10-1lenny3_mips.deb Size/MD5 checksum: 1605990 f33ef3d9b31f0da900aba6a20bdd188d
mipsel architecture (MIPS (Little Endian))
quagga_0.99.10-1lenny3_mipsel.deb Size/MD5 checksum: 1601240 68ff751ff9c022cc06db8d0d66895a6e
powerpc architecture (PowerPC)
quagga_0.99.10-1lenny3_powerpc.deb Size/MD5 checksum: 1717802 931505a31bdcc1a7732a9a2e9f295a01
s390 architecture (IBM S/390)
quagga_0.99.10-1lenny3_s390.deb Size/MD5 checksum: 1794990 7d52667f3f37553256e87b77450dc309
sparc architecture (Sun SPARC/UltraSPARC)
quagga_0.99.10-1lenny3_sparc.deb Size/MD5 checksum: 1671232 3706818c39b51bb45c58a0cf8fdba202
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJMhUEPAAoJEL97/wQC1SS+dwMH/2tsjv3eQBHu3jvm+jMB7Dr1 6uRIi/1/DgaaRmVSD41quWSYoww374pkwZ5xjUVZqOQY1N6Y34avnwjN7FsSg8no H0Os4uioep8/IKzhse0EyeDZcmm2j8E41j3UZ+aANqWOssGa0MNddj846K3NDw2j dRuKUUy4JK8iRSwBLUaXqydAPI2ZjdXVH0Yy/3l51f2Aerm7N565f1ifUh38C6Y0 IR5BdiA1C6jzV+826VrZaj10cKAPg/Qm31mrNiZMBcVpi2sBJ+zQ8P/G3j7CpEdr sITi5UiULGAp+3cGvtPzZDtBxfkLLpVIpNgRPiSHhA+PTjG60HHvPK43OZkPdSY= =HP/T -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/87r5h6of03.fsf@mid.deneb.enyo.de
|
|
|
|