[USN-512-1] Quagga vulnerability

Kees Cook kees at ubuntu.com
Sat Sep 15 05:23:02 UTC 2007


=========================================================== 
Ubuntu Security Notice USN-512-1         September 15, 2007
quagga vulnerability
CVE-2007-4826
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  quagga                          0.99.2-1ubuntu3.3

Ubuntu 6.10:
  quagga                          0.99.4-4ubuntu1.2

Ubuntu 7.04:
  quagga                          0.99.6-2ubuntu3.2

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

It was discovered that Quagga did not correctly verify OPEN messages or
COMMUNITY attributes sent from configured peers. Malicious authenticated
remote peers could send a specially crafted message which would cause
bgpd to abort, leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.diff.gz
      Size/MD5:    32441 ef8dcb8af8a4e80bcfae7884c91246b2
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.dsc
      Size/MD5:      762 d875c1da312abaea58e947b01070fea2
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
      Size/MD5:  2185137 88087d90697fcf5fe192352634f340b3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.3_all.deb
      Size/MD5:   663874 2a18dc0f553a8a31aa2ad1360c0da70a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_amd64.deb
      Size/MD5:  1403902 610bf123e260707c984d573f42e3573e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_i386.deb
      Size/MD5:  1198834 2bb7a83b7dee840274eb7769da1f8756

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_powerpc.deb
      Size/MD5:  1351532 44e25c1bdcef2a6500e85b64eb4bc36d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_sparc.deb
      Size/MD5:  1322538 28b109e575361eff2e7bb0a2b71867db

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.diff.gz
      Size/MD5:    30580 c402481e9a5dd976cf7720ed216a8dc7
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.dsc
      Size/MD5:      762 652e0e34a27a903f7cba1cb42efe0185
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz
      Size/MD5:  2207774 a75d3f5ed0b3354274c28d195e3f6479

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.2_all.deb
      Size/MD5:   706508 d0e90a9178942c8a39466c0a9e7a4707

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_amd64.deb
      Size/MD5:  1409522 257b1917e4ce3b91c085ec3275a05cf5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_i386.deb
      Size/MD5:  1244688 29adb0d2304ce55a4fc30fed6b66b613

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_powerpc.deb
      Size/MD5:  1375626 9be3046d709b339581375a30227178a9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_sparc.deb
      Size/MD5:  1342646 a621e675ba2c8aa01d989a8b0643075c

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.diff.gz
      Size/MD5:    48850 928858025b77e889a6f50ec690e086cb
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.dsc
      Size/MD5:      861 0034ab0361b133fb43c2541be3255628
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz
      Size/MD5:  2324051 78137ecaa66ff4c3780bd05f60e51cf5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.2_all.deb
      Size/MD5:   720818 750d2e8759af8e86bf0df4ef165fd438

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_amd64.deb
      Size/MD5:  1477058 ea80dadac30ad0f541f723e9eec97c1d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_i386.deb
      Size/MD5:  1309870 52f63d60039441322967da87fe519b2e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_powerpc.deb
      Size/MD5:  1485474 0ab78f1ff062e7d059492251e6f56715

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_sparc.deb
      Size/MD5:  1417054 54948b2e997ecffd4647bb244fa5fa84

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070914/c3ba1214/attachment.sig>


More information about the ubuntu-security-announce mailing list