[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070517231032.GY2713@outflux.net>
Date: Thu, 17 May 2007 16:10:32 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-461-1] Quagga vulnerability
===========================================================
Ubuntu Security Notice USN-461-1 May 17, 2007
quagga vulnerability
CVE-2007-1995
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
quagga 0.99.2-1ubuntu3.1
Ubuntu 6.10:
quagga 0.99.4-4ubuntu1.1
Ubuntu 7.04:
quagga 0.99.6-2ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Quagga did not correctly verify length
information sent from configured peers. Remote malicious peers could
send a specially crafted UPDATE message which would cause bgpd to abort,
leading to a denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1.diff.gz
Size/MD5: 31906 040e4fc7aceb2e2aa030086d619162dc
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1.dsc
Size/MD5: 762 f891a5b866522b3d748e66de9d242ffb
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
Size/MD5: 2185137 88087d90697fcf5fe192352634f340b3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.1_all.deb
Size/MD5: 663694 bf76e66aff39c9b91dd5e4def6a59b06
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_amd64.deb
Size/MD5: 1403368 cc3e45625001b0f1a3a6b1263d26cd1b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_i386.deb
Size/MD5: 1198576 096b5b4bdf88c9d26d166b73930084bf
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_powerpc.deb
Size/MD5: 1351228 237c96d9f7237843cdd8e9b88673eb14
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_sparc.deb
Size/MD5: 1322256 1772df6aa3a48bffed70b57b0812763f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1.diff.gz
Size/MD5: 29987 d1cd101f3729161fc0b4c86c6023f82f
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1.dsc
Size/MD5: 762 4afe7890ba2c178777089bfa9de81534
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz
Size/MD5: 2207774 a75d3f5ed0b3354274c28d195e3f6479
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.1_all.deb
Size/MD5: 706328 b47bf93109b4c5365aab5a2774d4674b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_amd64.deb
Size/MD5: 1409208 5ebc2a4f27407f05b3779c2dce6bab03
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_i386.deb
Size/MD5: 1244392 1ab4d693a5dc869eb2f1b234451ed2c8
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_powerpc.deb
Size/MD5: 1375444 91e3aaccf2ef113ebd55e1b7cf8680e0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_sparc.deb
Size/MD5: 1342382 c3b394ce9fffc99d5167dcfefdedacf0
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1.diff.gz
Size/MD5: 48290 868fad25987463f3373b8e3a7baa6d8c
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1.dsc
Size/MD5: 861 fde685263db0edc6ef32c0c0081097dd
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz
Size/MD5: 2324051 78137ecaa66ff4c3780bd05f60e51cf5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.1_all.deb
Size/MD5: 720644 707acb63b8a1cabfa38d7748f834f814
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_amd64.deb
Size/MD5: 1476654 91bc4654c0e615b55a88de93c19de2ec
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_i386.deb
Size/MD5: 1309546 3c99a46e8d40ef40dd4ee1bc218e6b8e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_powerpc.deb
Size/MD5: 1485312 803b3da7540d5b0c0287ae9f0068b2e0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_sparc.deb
Size/MD5: 1417036 14443669e7396b193ef9f2d76778bc86
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists