[USN-1027-1] Quagga vulnerabilities
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Dec 7 19:42:10 UTC 2010
===========================================================
Ubuntu Security Notice USN-1027-1 December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  quagga 0.99.2-1ubuntu3.7

Ubuntu 8.04 LTS:
  quagga 0.99.9-2ubuntu1.4

Ubuntu 9.10:
  quagga 0.99.13-1ubuntu0.1

Ubuntu 10.04 LTS:
  quagga 0.99.15-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Quagga incorrectly handled certain Outbound Route
Filtering (ORF) records. A remote authenticated attacker could use this
flaw to cause a denial of service or potentially execute arbitrary code.
The default compiler options for Ubuntu 8.04 LTS and later should reduce
the vulnerability to a denial of service. (CVE-2010-2948)

It was discovered that Quagga incorrectly parsed certain AS paths. A remote
attacker could use this flaw to cause Quagga to crash, resulting in a
denial of service. (CVE-2010-2949)

Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.diff.gz
Size/MD5: 35595 33d87fda16424363b5ed66d76a0e84d0
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.dsc
Size/MD5: 1411 dfa7ab569c6be50f015f0261a767dd68
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
Size/MD5: 2185137 88087d90697fcf5fe192352634f340b3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.7_all.deb
Size/MD5: 664604 6ddb00d23f3d3fabbc1a35c9841a089a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_amd64.deb
Size/MD5: 1404736 31f4c356a361b0a1fe7c98e835f03d7e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_i386.deb
Size/MD5: 1198278 3e99ddcc24b9bd6fb69f1c6dda66daf3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_powerpc.deb
Size/MD5: 1351762 67ae0179e652e156153f835db2ede8e9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_sparc.deb
Size/MD5: 1322666 6b282053912522c536a80263e3f713f9
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.diff.gz
Size/MD5: 38201 c7162c4df4238379c40f153ab9bcfe86
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.dsc
Size/MD5: 1625 cb3558332bc96c2caa5b804fdc758759
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz
Size/MD5: 2341067 4dbdaf91bf6609803819d97d5fccc4c9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.4_all.deb
Size/MD5: 661896 d8652bb4873a02f46d8d294683e84e38
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_amd64.deb
Size/MD5: 1622304 7288179aa5eb7c264135ab9980219d42
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_i386.deb
Size/MD5: 1464836 36ddbb4a047833b00efd1d4387e6bec3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_lpia.deb
Size/MD5: 1462038 5f4d47c79fe72cd2053d1c1b5f90799c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_powerpc.deb
Size/MD5: 1659270 40512b0af9e48b4f0a168056c9079f48
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_sparc.deb
Size/MD5: 1521808 bb4a215458bac828223fe5d2327a9242
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.diff.gz
Size/MD5: 35758 bc638ecdc3c5ba6875a5fa0650e823f6
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.dsc
Size/MD5: 2067 915cb6412ba0b183d30ccecfddc6305d
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz
Size/MD5: 2172551 55a7d2dcf016580a7c7412b3518cd942
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.1_all.deb
Size/MD5: 661742 96564df91c4e730debff081d7f7c7e23
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_amd64.deb
Size/MD5: 1703042 bcb10b9a8aeb2706774a99c0a4fbd023
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_i386.deb
Size/MD5: 1565484 d8aed87d44dd6e19855edd6a996ffc48
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_armel.deb
Size/MD5: 1492928 9918fb7f70e64228595b2478b0a49895
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_lpia.deb
Size/MD5: 1550556 e6a6b180c48dc674bad96b78cfb11e9c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_powerpc.deb
Size/MD5: 1646106 35bbb927b20b4958f13054abca9b4c13
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_sparc.deb
Size/MD5: 1624194 a2b3db7964330d62887c1419c76544b6
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.diff.gz
Size/MD5: 37257 6c2c7cccfe10a755a30ef5e61f52f586
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.dsc
Size/MD5: 2048 18d2ea42d79292d8c433565c07d3a802
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz
Size/MD5: 2191159 8975414c76a295f4855a417af0b5ddce
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.1_all.deb
Size/MD5: 764130 2acf3dd06310bd40d4219920d09b5767
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_amd64.deb
Size/MD5: 1713858 6497631ad251f9c5788e646e79946820
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_i386.deb
Size/MD5: 1573456 2aec1c1a97bc1cc0df79e228e6869f1b
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_armel.deb
Size/MD5: 1516254 689a3e791a6df9875286dec65690f5fe
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_powerpc.deb
Size/MD5: 1653722 1606bb5360480b6b6cbe19263a30fa69
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_sparc.deb
Size/MD5: 1669496 5d54eb4c68cb61153b1e173f7337ec1e