Discover Government News

=========================================================================Ubuntu Security Notice USN-3110-1
October 25, 2016

quagga vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Quagga could be made to crash if it received specially crafted network
traffic.

Software Description:
- quagga: BGP/OSPF/RIP routing daemon

Details:

David Lamparter discovered that Quagga incorrectly handled certain IPv6
router advertisements. A remote attacker could possibly use this issue to
cause Quagga to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  quagga                          1.0.20160315-2ubuntu0.1

Ubuntu 16.04 LTS:
  quagga                          0.99.24.1-2ubuntu1.2

Ubuntu 14.04 LTS:
  quagga                          0.99.22.4-3ubuntu1.3

Ubuntu 12.04 LTS:
  quagga                          0.99.20.1-0ubuntu0.12.04.6

After a standard system update you need to restart Quagga to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3110-1
  CVE-2016-1245

Package Information:
  https://launchpad.net/ubuntu/+source/quagga/1.0.20160315-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.2
  https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.3
  https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.6


Ubuntu 3110-1: Quagga vulnerability

October 25, 2016
Quagga could be made to crash if it received specially crafted network traffic.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: quagga 1.0.20160315-2ubuntu0.1 Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.2 Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.3 Ubuntu 12.04 LTS: quagga 0.99.20.1-0ubuntu0.12.04.6 After a standard system update you need to restart Quagga to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3110-1

CVE-2016-1245

Severity
October 25, 2016

Package Information

https://launchpad.net/ubuntu/+source/quagga/1.0.20160315-2ubuntu0.1 https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.2 https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.3 https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.6

Related News