Exploit the possiblities

Ubuntu Security Notice USN-3471-1

Ubuntu Security Notice USN-3471-1
Posted Nov 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3471-1 - Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-16227, CVE-2017-5495
MD5 | 1e0338625f876b7459734f6bcabf63b5

Ubuntu Security Notice USN-3471-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-3471-1
October 31, 2017

quagga vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Quagga.

Software Description:
- quagga: BGP/OSPF/RIP routing daemon

Details:

Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service. (CVE-2017-16227)

Quentin Young discovered that Quagga incorrectly handled memory in the
telnet vty CLI. An attacker able to connect to the telnet interface could
possibly use this issue to cause Quagga to consume memory, resulting in a
denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-5495)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
quagga 1.1.1-3ubuntu0.1
quagga-bgpd 1.1.1-3ubuntu0.1

Ubuntu 17.04:
quagga 1.1.1-1ubuntu0.1
quagga-bgpd 1.1.1-1ubuntu0.1

Ubuntu 16.04 LTS:
quagga 0.99.24.1-2ubuntu1.3

Ubuntu 14.04 LTS:
quagga 0.99.22.4-3ubuntu1.4

After a standard system update you need to restart Quagga to make all the
necessary changes.

References:
https://www.ubuntu.com/usn/usn-3471-1
CVE-2017-16227, CVE-2017-5495

Package Information:
https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.1
https://launchpad.net/ubuntu/+source/quagga/1.1.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.3
https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.4


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close