• [SECURITY] [DSA 3654-1] quagga security update

    From Sebastien Delafond@1:229/2 to All on Fri Aug 26 06:10:01 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3654-1                   [email protected]
    https://www.debian.org/security/                       Sebastien Delafond
    August 26, 2016                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : quagga
    CVE ID : CVE-2016-4036 CVE-2016-4049
    Debian Bug : 822787 835223

    Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing
    daemon.

    CVE-2016-4036

    Tamás Németh discovered that sensitive configuration files in
    /etc/quagga were world-readable despite containing sensitive
    information.

    CVE-2016-4049

    Evgeny Uskov discovered that a bgpd instance handling many peers
    could be crashed by a malicious user when requesting a route dump.

    For the stable distribution (jessie), these problems have been fixed in
    version 0.99.23.1-1+deb8u2.

    We recommend that you upgrade your quagga packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
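
An added example, not part of the advisory or of Debian's tooling: a POSIX shell audit for the two conditions described above. It lists files under /etc/quagga that are readable by "other" (CVE-2016-4036) and compares the installed package version with the jessie fix version from the advisory. The function names are hypothetical, and the version comparison assumes a jessie system with dpkg available.

```shell
#!/bin/sh
# Added example: local audit for the conditions in DSA-3654-1.
# Function names are hypothetical; only the fix version comes from the advisory.
FIXED_VERSION="0.99.23.1-1+deb8u2"   # jessie fix version stated in the advisory

# Print every regular file under DIR whose mode grants read to "other".
world_readable() {
    find "$1" -type f -perm -004 -print
}

# Succeed if version $1 is at or above the fixed version.
# Relies on dpkg's version ordering, so it only works where dpkg exists,
# and the result is only meaningful on jessie.
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# Run both checks; return 1 if either finds a problem.
# Usage: audit_quagga [DIR]   (DIR defaults to /etc/quagga)
audit_quagga() {
    dir="${1:-/etc/quagga}"
    status=0
    if [ -d "$dir" ]; then
        leaks=$(world_readable "$dir")
        if [ -n "$leaks" ]; then
            echo "world-readable files under $dir:"
            echo "$leaks"
            status=1
        fi
    fi
    # Skip the version check when dpkg-query or the package is absent.
    if command -v dpkg-query >/dev/null 2>&1; then
        ver=$(dpkg-query -W -f='${Version}' quagga 2>/dev/null) || ver=""
        if [ -n "$ver" ] && ! version_is_fixed "$ver"; then
            echo "quagga $ver is older than $FIXED_VERSION"
            status=1
        fi
    fi
    return $status
}
```

Call `audit_quagga` as a user allowed to traverse /etc/quagga; a non-zero exit status means at least one check failed.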