==========================================================================
Ubuntu Security Notice USN-3102-1
October 13, 2016
quagga vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Quagga.
Software Description:
– quagga: BGP/OSPF/RIP routing daemon
Details:
It was discovered that Quagga incorrectly handled dumping data. A remote
attacker could possibly use a large BGP packet to cause Quagga to crash,
resulting in a denial of service. (CVE-2016-4049)
It was discovered that the Quagga package incorrectly set permissions on
the configuration directory. A local user could use this issue to possibly
obtain sensitive information. (CVE-2016-4036)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
quagga 0.99.24.1-2ubuntu1.1
Ubuntu 14.04 LTS:
quagga 0.99.22.4-3ubuntu1.2
Ubuntu 12.04 LTS:
quagga 0.99.20.1-0ubuntu0.12.04.5
After a standard system update you need to restart Quagga to make all the
necessary changes.
References:
http://www.ubuntu.com/usn/usn-3102-1
CVE-2016-4036, CVE-2016-4049
Package Information:
https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.1
https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.2
https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.5
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJX/4WfAAoJEGVp2FWnRL6TXDoP/0o4QbuvDwu7hj7xPTjstGo9
4A1HEm0gmnEoCeDGdJwQRmWFIwHPj1ifnjsxPPO2mVLSp/ek99xDtaYDibcv+Izk
qdqJR8VF86YAraMnj1uHQvFHyeFJ626G0exPpNpblZQl8ns6yhnxpE/bvZw3r0tq
F9WZvk7qRPWH6r7CFzURmIVEnp0gA65eawwpDo2nHazAfMTkLEzA3Q6uW4KhkiUQ
bOt8213PMb7Jx3/TtNj8rq4nWkqzxiE/4Zt64zUjWTmufke6QZAAXEBSVQxRErXj
6BlqS3Ftax+xLVMfCF+K07qKj3j1xqX0uD+PPq6l4Z7T37u3WdEpmNJZEwsOA2bw
0tnnylciRAuGRK9putVeC+saYPFKW4+yZal+thLK9X3AYozdsJgzf0UsxDSxhVR8
MPfqmXSG5ThYnvynhJ+jwQLVFdf3uz2KPQiSAfOJD36W2noYjlX/UEkd1g03NUc8
sAclxvBU4qNu1oOmyBv+UaT77nmSnPtkz5Ppw0br/JRCI+1uRqh1SoJ3wfAtHT2N
h6srWnm+8EX4DAPGCQuw3R113oaONEQFGq6FLB/kQLTgD5zWwoPURAm+oghAoUIJ
7B1vwWbZGUeFybpK7umQHcVSj6ZJ+d5RZDYaSq2XQr9MBmooaw2FkuyDiKpb+ykx
3Lo088fn1tqZxePNu2PJ
=itkL
—–END PGP SIGNATURE—–
—