Debian Security Advisory 3532-1

Debian Security Advisory 3532-1: Posted Mar 28, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3532-1 - Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4.; tags | advisory, remote, denial of service, overflow, arbitrary; systems | linux, debian; advisories | CVE-2016-2342; SHA-256 | cef9d895c39bbbb7661a16e382b449ce003efe7088ec7a48f82bdd410511a3ac; Download | Favorite | View

Debian Security Advisory 3532-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3532-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 27, 2016                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quagga
CVE ID         : CVE-2016-2342
Debian Bug     : 819179

Kostya Kortchinsky discovered a stack-based buffer overflow
vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP
routing daemon. A remote attacker can exploit this flaw to cause a
denial of service (daemon crash), or potentially, execution of arbitrary
code, if bgpd is configured with BGP peers enabled for VPNv4.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.99.22.4-1+wheezy2.

For the stable distribution (jessie), this problem has been fixed in
version 0.99.23.1-1+deb8u1.

We recommend that you upgrade your quagga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW9/cBAAoJEAVMuPMTQ89EexkP/2oxhCmf6B/94AmfzsK7bCKj
zkK/TkthZimJvoacgplS2yP/nwkNtmF8Is1NVQ7IVar0cuuma0tlOi4E9YOg1FOr
uD8lCzSzwfzaZJmoxnkuKzoK3imcBh5ofd0byljtYINH9/bufz1THB3POLDviAXj
VS0tGQKmU1NuKJir0XkDCDLs3pmlAIqVbPbji7ZoT2/PLmVC0xw1dn1rOPdPkonv
83DEVnViLQqn1mfOUK8SvhLtv8L2OF9zoU80YS6124TfepAsQ97tKvOgd0MVzCkI
lXzSF4x56BPyr93QvhDNQReAbUzZ3S9fhe72nm6qXdMSejXNd3mrL2dILoxiEcw7
b5Ww6Zlux7rOCGczvTD9MPhqcVt9Hmbvltr++hYQdxxVkc7bPhbR1fdDuJa00sqc
Ui2KCUmtBrmZSTfHGpXfkmRre9+MtSkcC+nzNd52zVLR7pDQL6+dPejLqdVnu0ZO
xGXozu3tP352bO5D9JGfj/mMtEVluF/Co++DM5rMPzIFr0057AijrgdklNqMwpsF
unNZ6Kyz/S/g1wIHUKQpLfCaILRoD/2BetDIonmSCgmdKOT6s3nIY3AZDCcPVl7h
981IlMOybP+dTyKrxCp4TfirgW6duk9GdWyfs0mwO3M5k4YEyhMSGexkg2zBU/oI
T66YgV7DRQWl1FsJf5mh
=CrC5
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 175 files
Ubuntu 51 files
Debian 24 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3532-1

Debian Security Advisory 3532-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3532-1

Share This

Debian Security Advisory 3532-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems