[ubuntu-hardened] How to fix CVE-2004-0230
Christian Ehrhardt
christian.ehrhardt at canonical.com
Wed Jul 20 12:03:32 UTC 2022
On Tue, Jul 19, 2022 at 3:26 PM Marcos Alano <marcoshalano at gmail.com> wrote:
>
> Hi folks,
>
> Quagga wasn't deprecated in Jammy and beyond?
Yes, as Thiago asked for a reference - look at [1] for "Quagga
replaced with frr"
[1]: https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668
> Thanks,
>
> On 19/07/2022 10:10, Brian Morton wrote:
> > Hi Thiago,
> >
> > Quagga is a BGP daemon, and this vulnerability has been patched in that
> > package for most Ubuntu releases. If you don't run BGP, there's no need
> > to install quagga and you should probably remove it. The core Linux TCP
> > stack isn't impacted by this vulnerability in a way that can be exploited.
> >
> > Thanks,
> >
> > On Tue, Jul 19, 2022 at 9:06 AM Thiago Silveira Alexandre
> > <thsalex at gmail.com <mailto:thsalex at gmail.com>> wrote:
> >
> > Hey!
> > I have a problem with the vulnerability patch CVE-2004-0230. Ubuntu
> > suggests I install quagga to fix this.
> >
> > https://ubuntu.com/security/CVE-2004-0230
> > <https://ubuntu.com/security/CVE-2004-0230>
> >
> > I was trying this solution but the vulnerability remains active.
> >
> > Can anyone help me to fix it?
> >
> > Thanks
> >
> > --
> > Thiago Silveira Alexandre
> >
>
> --
> Marcos Alano
>
>
--
Christian Ehrhardt
Senior Staff Engineer, Ubuntu Server
Canonical Ltd
More information about the ubuntu-hardened
mailing list