Articles / Ubuntu: New Quagga packages…

Ubuntu: New Quagga packages fix security vulnerability

It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. A remote authenticated attacker could use this flaw to cause a denial of service or potentially execute arbitrary code. It was discovered that Quagga incorrectly parsed certain AS paths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-1027-1          December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
 quagga                          0.99.2-1ubuntu3.7

Ubuntu 8.04 LTS:
 quagga                          0.99.9-2ubuntu1.4

Ubuntu 9.10:
 quagga                          0.99.13-1ubuntu0.1

Ubuntu 10.04 LTS:
 quagga                          0.99.15-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Quagga incorrectly handled certain Outbound Route
Filtering (ORF) records. A remote authenticated attacker could use this
flaw to cause a denial of service or potentially execute arbitrary code.
The default compiler options for Ubuntu 8.04 LTS and later should reduce
the vulnerability to a denial of service. (CVE-2010-2948)

It was discovered that Quagga incorrectly parsed certain AS paths. A remote
attacker could use this flaw to cause Quagga to crash, resulting in a
denial of service. (CVE-2010-2949)


Updated packages for Ubuntu 6.06 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.diff.gz
     Size/MD5:    35595 33d87fda16424363b5ed66d76a0e84d0
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.dsc
     Size/MD5:     1411 dfa7ab569c6be50f015f0261a767dd68
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
     Size/MD5:  2185137 88087d90697fcf5fe192352634f340b3

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.7_all.deb
     Size/MD5:   664604 6ddb00d23f3d3fabbc1a35c9841a089a

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_amd64.deb
     Size/MD5:  1404736 31f4c356a361b0a1fe7c98e835f03d7e

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_i386.deb
     Size/MD5:  1198278 3e99ddcc24b9bd6fb69f1c6dda66daf3

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_powerpc.deb
     Size/MD5:  1351762 67ae0179e652e156153f835db2ede8e9

 sparc architecture (Sun SPARC/UltraSPARC):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_sparc.deb
     Size/MD5:  1322666 6b282053912522c536a80263e3f713f9

Updated packages for Ubuntu 8.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.diff.gz
     Size/MD5:    38201 c7162c4df4238379c40f153ab9bcfe86
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.dsc
     Size/MD5:     1625 cb3558332bc96c2caa5b804fdc758759
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz
     Size/MD5:  2341067 4dbdaf91bf6609803819d97d5fccc4c9

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.4_all.deb
     Size/MD5:   661896 d8652bb4873a02f46d8d294683e84e38

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_amd64.deb
     Size/MD5:  1622304 7288179aa5eb7c264135ab9980219d42

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_i386.deb
     Size/MD5:  1464836 36ddbb4a047833b00efd1d4387e6bec3

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_lpia.deb
     Size/MD5:  1462038 5f4d47c79fe72cd2053d1c1b5f90799c

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_powerpc.deb
     Size/MD5:  1659270 40512b0af9e48b4f0a168056c9079f48

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_sparc.deb
     Size/MD5:  1521808 bb4a215458bac828223fe5d2327a9242

Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.diff.gz
     Size/MD5:    35758 bc638ecdc3c5ba6875a5fa0650e823f6
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.dsc
     Size/MD5:     2067 915cb6412ba0b183d30ccecfddc6305d
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz
     Size/MD5:  2172551 55a7d2dcf016580a7c7412b3518cd942

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.1_all.deb
     Size/MD5:   661742 96564df91c4e730debff081d7f7c7e23

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_amd64.deb
     Size/MD5:  1703042 bcb10b9a8aeb2706774a99c0a4fbd023

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_i386.deb
     Size/MD5:  1565484 d8aed87d44dd6e19855edd6a996ffc48

 armel architecture (ARM Architecture):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_armel.deb
     Size/MD5:  1492928 9918fb7f70e64228595b2478b0a49895

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_lpia.deb
     Size/MD5:  1550556 e6a6b180c48dc674bad96b78cfb11e9c

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_powerpc.deb
     Size/MD5:  1646106 35bbb927b20b4958f13054abca9b4c13

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_sparc.deb
     Size/MD5:  1624194 a2b3db7964330d62887c1419c76544b6

Updated packages for Ubuntu 10.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.diff.gz
     Size/MD5:    37257 6c2c7cccfe10a755a30ef5e61f52f586
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.dsc
     Size/MD5:     2048 18d2ea42d79292d8c433565c07d3a802
   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz
     Size/MD5:  2191159 8975414c76a295f4855a417af0b5ddce

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.1_all.deb
     Size/MD5:   764130 2acf3dd06310bd40d4219920d09b5767

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_amd64.deb
     Size/MD5:  1713858 6497631ad251f9c5788e646e79946820

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_i386.deb
     Size/MD5:  1573456 2aec1c1a97bc1cc0df79e228e6869f1b

 armel architecture (ARM Architecture):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_armel.deb
     Size/MD5:  1516254 689a3e791a6df9875286dec65690f5fe

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_powerpc.deb
     Size/MD5:  1653722 1606bb5360480b6b6cbe19263a30fa69

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_sparc.deb
     Size/MD5:  1669496 5d54eb4c68cb61153b1e173f7337ec1e
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.