Ubuntu 1261-1: Quagga vulnerabilities

    Date: 15 Nov 2011
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Quagga could be made to crash or run programs if it received specially crafted network traffic.
    ==========================================================================
    Ubuntu Security Notice USN-1261-1
    November 14, 2011
    
    quagga vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 11.10
    - Ubuntu 11.04
    - Ubuntu 10.10
    - Ubuntu 10.04 LTS
    
    Summary:
    
    Quagga could be made to crash or run programs if it received specially
    crafted network traffic.
    
    Software Description:
    - quagga: BGP/OSPF/RIP routing daemon
    
    Details:
    
    Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
    incorrectly handled Link State Update messages with invalid lengths. A
    remote attacker could use this flaw to cause Quagga to crash, resulting in
    a denial of service. (CVE-2011-3323)
    
    Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
    incorrectly handled certain IPv6 Database Description messages. A remote
    attacker could use this flaw to cause Quagga to crash, resulting in a
    denial of service. (CVE-2011-3324)
    
    Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
    incorrectly handled certain IPv4 packets. A remote attacker could use this
    flaw to cause Quagga to crash, resulting in a denial of service.
    (CVE-2011-3325)
    
    Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
    incorrectly handled invalid Link State Advertisement (LSA) types. A remote
    attacker could use this flaw to cause Quagga to crash, resulting in a
    denial of service. (CVE-2011-3326)
    
    Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
    incorrectly handled certain BGP UPDATE messages. A remote attacker could
    use this flaw to cause Quagga to crash, or possibly execute arbitrary
    code. (CVE-2011-3327)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 11.10:
      quagga                          0.99.18-2ubuntu0.1
    
    Ubuntu 11.04:
      quagga                          0.99.17-4ubuntu1.1
    
    Ubuntu 10.10:
      quagga                          0.99.17-1ubuntu0.2
    
    Ubuntu 10.04 LTS:
      quagga                          0.99.15-1ubuntu0.3
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1261-1
      CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326,
      CVE-2011-3327
    
    Package Information:
      https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1
      https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1
      https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2
      https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3
    
    
    