Site icon 지락문화예술공작단

USN-2941-1: Quagga vulnerabilities

USN-2941-1: Quagga vulnerabilities

Ubuntu Security Notice USN-2941-1

24th March, 2016

quagga vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Summary

Quagga could be made to crash or run programs if it received specially
crafted network traffic.

Software description

Details

Kostya Kortchinsky discovered that Quagga incorrectly handled certain route
data when configured with BGP peers enabled for VPNv4. A remote attacker
could use this issue to cause Quagga to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2016-2342)

It was discovered that Quagga incorrectly handled messages with a large
LSA when used in certain configurations. A remote attacker could use this
issue to cause Quagga to crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
quagga

0.99.24.1-2ubuntu0.1
Ubuntu 14.04 LTS:
quagga

0.99.22.4-3ubuntu1.1
Ubuntu 12.04 LTS:
quagga

0.99.20.1-0ubuntu0.12.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Quagga to make all the
necessary changes.

References

CVE-2013-2236,

CVE-2016-2342

Source: USN-2941-1: Quagga vulnerabilities

Exit mobile version