===========================================================
Ubuntu Security Notice USN-775-1               May 12, 2009
quagga vulnerability
CVE-2009-1572
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  quagga                          0.99.2-1ubuntu3.5

Ubuntu 8.04 LTS:
  quagga                          0.99.9-2ubuntu1.2

Ubuntu 8.10:
  quagga                          0.99.9-6ubuntu0.1

Ubuntu 9.04:
  quagga                          0.99.11-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the BGP service in Quagga did not correctly
handle certain AS paths containing 4-byte ASNs. An authenticated remote
attacker could exploit this flaw to cause bgpd to abort, leading to a
denial of service.

Updated packages (source archives, the architecture-independent
quagga-doc package, and per-architecture quagga packages) for Ubuntu
6.06 LTS, 8.04 LTS, 8.10 and 9.04 are published under:

  http://security.ubuntu.com/ubuntu/pool/main/q/quagga/
  http://ports.ubuntu.com/pool/main/q/quagga/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/