Message-Id: <E1akCR5-0008F1-DI@master.debian.org>
Date: Sun, 27 Mar 2016 15:17:03 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3532-1] quagga security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3532-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 27, 2016                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : quagga
CVE ID         : CVE-2016-2342
Debian Bug     : 819179

Kostya Kortchinsky discovered a stack-based buffer overflow
vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP
routing daemon. A remote attacker can exploit this flaw to cause a
denial of service (daemon crash), or potentially, execution of arbitrary
code, if bgpd is configured with BGP peers enabled for VPNv4.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.99.22.4-1+wheezy2.

For the stable distribution (jessie), this problem has been fixed in
version 0.99.23.1-1+deb8u1.

We recommend that you upgrade your quagga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
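
Added example, not part of the advisory: shell helpers for triaging a Debian host against DSA-3532-1, using the fixed versions quoted above and checking whether any BGP peer is activated for VPNv4. The function names, the default path /etc/quagga/bgpd.conf and the "address-family vpnv4 ... neighbor X activate" stanza layout are assumptions about a standard Quagga setup, not taken from the advisory.

```shell
#!/bin/sh
# Added example: triage helpers for DSA-3532-1, not part of the advisory.

# Fixed versions as quoted in the advisory, keyed by release codename.
fixed_version() {
    case "$1" in
        wheezy) echo "0.99.22.4-1+wheezy2" ;;
        jessie) echo "0.99.23.1-1+deb8u1" ;;
        *) return 1 ;;
    esac
}

# is_patched INSTALLED RELEASE
# 0 = at or above the fixed version, 1 = older, 2 = cannot decide.
is_patched() {
    fixed=$(fixed_version "$2") || return 2
    command -v dpkg >/dev/null 2>&1 || return 2
    dpkg --compare-versions "$1" ge "$fixed"
}

# vpnv4_peers CONF
# Prints each neighbor activated inside an "address-family vpnv4" stanza;
# returns 0 if there is at least one, 1 if none, 2 if CONF is unreadable.
vpnv4_peers() {
    [ -r "$1" ] || return 2
    awk '
        $1 == "address-family"      { in_vpn = ($2 == "vpnv4"); next }
        $1 == "exit-address-family" { in_vpn = 0; next }
        in_vpn && $1 == "neighbor" && $3 == "activate" { print $2; n++ }
        END { exit (n ? 0 : 1) }
    ' "$1"
}

# triage RELEASE [CONF]: report for the local host.
# Assumption: bgpd reads its configuration from /etc/quagga/bgpd.conf.
triage() {
    conf=${2:-/etc/quagga/bgpd.conf}
    installed=$(dpkg-query -W -f='${Version}' quagga 2>/dev/null)
    [ -n "$installed" ] || { echo "quagga: not installed"; return 0; }
    rc=0; is_patched "$installed" "$1" || rc=$?
    case $rc in
        0) echo "quagga $installed: contains the DSA-3532-1 fix" ;;
        1) echo "quagga $installed: older than $fixed, upgrade" ;;
        *) echo "quagga $installed: cannot decide for release '$1'" ;;
    esac
    if peers=$(vpnv4_peers "$conf"); then
        echo "VPNv4 activated for:" $peers
    else
        echo "no VPNv4-activated peers found in $conf"
    fi
}
```

Source the file and run `triage jessie` or `triage wheezy` on the host. A host that reports an older version together with VPNv4-activated peers matches the exposure condition the advisory describes.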
