1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3532-1] quagga security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Mar 27 17:20:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    March 27, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : quagga
    CVE ID : CVE-2016-2342
    Debian Bug : 819179

    Kostya Kortchinsky discovered a stack-based buffer overflow
    vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a
    denial of service (daemon crash), or potentially, execution of arbitrary
    code, if bgpd is configured with BGP peers enabled for VPNv4.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 0.99.22.4-1+wheezy2.

    For the stable distribution (jessie), this problem has been fixed in
    version 0.99.23.1-1+deb8u1.

    We recommend that you upgrade your quagga packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJW9/cBAAoJEAVMuPMTQ89EexkP/2oxhCmf6B/94AmfzsK7bCKj zkK/TkthZimJvoacgplS2yP/nwkNtmF8Is1NVQ7IVar0cuuma0tlOi4E9YOg1FOr uD8lCzSzwfzaZJmoxnkuKzoK3imcBh5ofd0byljtYINH9/bufz1THB3POLDviAXj VS0tGQKmU1NuKJir0XkDCDLs3pmlAIqVbPbji7ZoT2/PLmVC0xw1dn1rOPdPkonv 83DEVnViLQqn1mfOUK8SvhLtv8L2OF9zoU80YS6124TfepAsQ97tKvOgd0MVzCkI lXzSF4x56BPyr93QvhDNQReAbUzZ3S9fhe72nm6qXdMSejXNd3mrL2dILoxiEcw7 b5Ww6Zlux7rOCGczvTD9MPhqcVt9Hmbvltr++hYQdxxVkc7bPhbR1fdDuJa00sqc Ui2KCUmtBrmZSTfHGpXfkmRre9+MtSkcC+nzNd52zVLR7pDQL6+dPejLqdVnu0ZO xGXozu3tP352bO5D9JGfj/mMtEVluF/Co++DM5rMPzIFr0057AijrgdklNqMwpsF unNZ6Kyz/S/g1wIHUKQpLfCaILRoD/2BetDIonmSCgmdKOT6s3nIY3AZDCcPVl7h 981IlMOybP+dTyKrxCp4TfirgW6duk9GdWyfs0mwO3M5k4YEyhMSGexkg2zBU/oI T66YgV7DRQWl1FsJf5mh
    =CrC5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)