it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3532-1] quagga security update
- Date: Sun, 27 Mar 2016 15:17:03 +0000
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT master.debian.org>
- Priority: urgent
- Resent-date: Sun, 27 Mar 2016 15:17:20 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <GcxgdZomPAO.A.7wH.Am_9WB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3532-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 27, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : quagga
CVE ID : CVE-2016-2342
Debian Bug : 819179
Kostya Kortchinsky discovered a stack-based buffer overflow
vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP
routing daemon. A remote attacker can exploit this flaw to cause a
denial of service (daemon crash), or potentially, execution of arbitrary
code, if bgpd is configured with BGP peers enabled for VPNv4.
For the oldstable distribution (wheezy), this problem has been fixed
in version 0.99.22.4-1+wheezy2.
For the stable distribution (jessie), this problem has been fixed in
version 0.99.23.1-1+deb8u1.
We recommend that you upgrade your quagga packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJW9/cBAAoJEAVMuPMTQ89EexkP/2oxhCmf6B/94AmfzsK7bCKj
zkK/TkthZimJvoacgplS2yP/nwkNtmF8Is1NVQ7IVar0cuuma0tlOi4E9YOg1FOr
uD8lCzSzwfzaZJmoxnkuKzoK3imcBh5ofd0byljtYINH9/bufz1THB3POLDviAXj
VS0tGQKmU1NuKJir0XkDCDLs3pmlAIqVbPbji7ZoT2/PLmVC0xw1dn1rOPdPkonv
83DEVnViLQqn1mfOUK8SvhLtv8L2OF9zoU80YS6124TfepAsQ97tKvOgd0MVzCkI
lXzSF4x56BPyr93QvhDNQReAbUzZ3S9fhe72nm6qXdMSejXNd3mrL2dILoxiEcw7
b5Ww6Zlux7rOCGczvTD9MPhqcVt9Hmbvltr++hYQdxxVkc7bPhbR1fdDuJa00sqc
Ui2KCUmtBrmZSTfHGpXfkmRre9+MtSkcC+nzNd52zVLR7pDQL6+dPejLqdVnu0ZO
xGXozu3tP352bO5D9JGfj/mMtEVluF/Co++DM5rMPzIFr0057AijrgdklNqMwpsF
unNZ6Kyz/S/g1wIHUKQpLfCaILRoD/2BetDIonmSCgmdKOT6s3nIY3AZDCcPVl7h
981IlMOybP+dTyKrxCp4TfirgW6duk9GdWyfs0mwO3M5k4YEyhMSGexkg2zBU/oI
T66YgV7DRQWl1FsJf5mh
=CrC5
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3532-1] quagga security update, Salvatore Bonaccorso, 27.03.2016
Archiv bereitgestellt durch MHonArc 2.6.19.