Message-ID: <20090512223428.GO9451@outflux.net>
Date: Tue, 12 May 2009 15:34:28 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-775-1] Quagga vulnerability

===========================================================
Ubuntu Security Notice USN-775-1               May 12, 2009
quagga vulnerability
CVE-2009-1572
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  quagga                          0.99.2-1ubuntu3.5

Ubuntu 8.04 LTS:
  quagga                          0.99.9-2ubuntu1.2

Ubuntu 8.10:
  quagga                          0.99.9-6ubuntu0.1

Ubuntu 9.04:
  quagga                          0.99.11-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the BGP service in Quagga did not correctly
handle certain AS paths containing 4-byte ASNs.  An authenticated remote
attacker could exploit this flaw to cause bgpd to abort, leading to a
denial of service.



