A new Quagga vulnerability update is available for Ubuntu Linux. Here is the announcement:
Ubuntu Security Notice USN-775-1 May 12, 2009
quagga vulnerability
CVE-2009-1572
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
quagga 0.99.2-1ubuntu3.5
Ubuntu 8.04 LTS:
quagga 0.99.9-2ubuntu1.2
Ubuntu 8.10:
quagga 0.99.9-6ubuntu0.1
Ubuntu 9.04:
quagga 0.99.11-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the BGP service in Quagga did not correctly
handle certain AS paths containing 4-byte ASNs. An authenticated remote
attacker could exploit this flaw to cause bgpd to abort, leading to a
denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5.diff.gz
Size/MD5: 37396 292a1fd54c54ee38c5516a9ca6523684
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5.dsc
Size/MD5: 808 d5f6cf9d134b206ae50a8cdb5ec440ef
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
Size/MD5: 2185137 88087d90697fcf5fe192352634f340b3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.5_all.deb
Size/MD5: 664112 e541fe24436631fe1dd0d9950c1d2e24
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_amd64.deb
Size/MD5: 1404040 736f2c09298720560f32fdd1d07034c4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_i386.deb
Size/MD5: 1199076 382851e8e63c2d82a6b7be5a1dd3cbae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_powerpc.deb
Size/MD5: 1351344 6251ec5c5d7f4c7bcbc955fc34949da7
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_sparc.deb
Size/MD5: 1322236 573027a1c4046355d7092ee6f9d1954a
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2.diff.gz
Size/MD5: 39821 d108390e18abfb164ac6add2059a70f4
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2.dsc
Size/MD5: 1022 1ed0ba0dad080309f1f7e4be0f938a86
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz
Size/MD5: 2341067 4dbdaf91bf6609803819d97d5fccc4c9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.2_all.deb
Size/MD5: 661654 00651b4ef4395f0482c2e8045fef3df4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_amd64.deb
Size/MD5: 1619694 1463126f4765b183d7d05439dce8e85e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_i386.deb
Size/MD5: 1464662 4b47ad2b99897070c3d9e83b17d31fe6
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_lpia.deb
Size/MD5: 1461048 f43d4d089d177d8fda7b5e15c03c4fbd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_powerpc.deb
Size/MD5: 1658536 6f57951e682174d9654138b6e64062a2
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_sparc.deb
Size/MD5: 1521228 b9eb0d80e54b06063a1cdb67fb4d127c
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1.diff.gz
Size/MD5: 39858 dd50ad39ebb03c42c684efe1bfc16a73
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1.dsc
Size/MD5: 1486 01d1272ad69971946c70ccff5dd2c1db
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz
Size/MD5: 2341067 4dbdaf91bf6609803819d97d5fccc4c9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-6ubuntu0.1_all.deb
Size/MD5: 661130 52ab02e56bffd388775e7add6943f72c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_amd64.deb
Size/MD5: 1729098 c77f07c11e21227fa219a5448f622fb0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_i386.deb
Size/MD5: 1589616 8ecef808331e53dca0fe0b2f7e48049a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_lpia.deb
Size/MD5: 1565098 eba9788ae7b71fa2cc3d349a0b96ca6e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_powerpc.deb
Size/MD5: 1693896 f0ee074951fdab1668a33cef036b02e5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_sparc.deb
Size/MD5: 1643386 e791fa01f8b51ca7b7bfaa9e74cd7aac
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1.diff.gz
Size/MD5: 39815 af681588d24ed13e1ba223a9294423e3
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1.dsc
Size/MD5: 1493 9c1d0c8987369d2a4cbd4d15dfd1cf6e
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11.orig.tar.gz
Size/MD5: 2192249 903e40c744730ad4d62bee872eeb813b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.11-1ubuntu0.1_all.deb
Size/MD5: 631710 9157ee95937ad02265b5605896577ebe
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_amd64.deb
Size/MD5: 1708300 f9fc9256058948fd82aec0aefddbad56
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_i386.deb
Size/MD5: 1570358 dc112519bd1248bd480d394ec710c339
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_lpia.deb
Size/MD5: 1545774 6c068d3ab5d334cee19e6290bb8c2bc1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_powerpc.deb
Size/MD5: 1674212 82de163f2602d256caddb75c124afb54
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_sparc.deb
Size/MD5: 1623648 34b17f42f4dc5a396d7442550f53400d