Ubuntu 11.10 USN-1261-1 Moderate Quagga Denial Of Service
Nov 15, 2011
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Quagga could be made to crash or run programs if it received specially crafted network traffic.
=========================================================================Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. Software Description: - quagga: BGP/OSPF/RIP routing daemon Details: Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3325) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3326) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could use this flaw to cause Quagga to crash, or possibly execute arbitrary code. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. References: CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327 Package Information: https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1 https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1 https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2 https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3
PREVIOUS
NEXT
Ubuntu 11.10 USN-1261-1 Moderate Quagga Denial Of Service
ubuntu
November 15, 2011
Quagga could be made to crash or run programs if it received specially crafted network traffic.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes.
References
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326,
CVE-2011-3327
November 14, 2011
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1 https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1 https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2 https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!