TITLE:
Ubuntu update for Quagga

SECUNIA ADVISORY ID:
SA20137

VERIFY ADVISORY:
http://secunia.com/advisories/20137/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Exposure of system information, DoS

WHERE:
>From local network

OPERATING SYSTEM:
Ubuntu Linux 5.04
http://secunia.com/product/5036/
Ubuntu Linux 5.10
http://secunia.com/product/6606/

DESCRIPTION:
Ubuntu has issued an update for Quagga. This fixes two security
issues and a vulnerability, which can be exploited by malicious,
local users to cause a DoS (Denial of Service) and by malicious
people to bypass certain security restrictions, and to disclose
system information.

For more information:
SA19910
SA20116

SOLUTION:
Apply updated packages.

-- Ubuntu 5.04 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ubuntu1.1.diff.gz
Size/MD5: 38413 eda4c03884896ba450f16ee70f8c082a
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ubuntu1.1.dsc
Size/MD5: 714 22a7196923c807617fcd995c01c340b1
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3.orig.tar.gz
Size/MD5: 1964834 9015a5c61b22dc4e51b07fdc9bdadfd1

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.97.3-1ubuntu1.1_all.deb
Size/MD5: 477692 15527f6d3580a5327a31a6244cfc78f7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ubuntu1.1_amd64.deb
Size/MD5: 1345612 75b7044e62475f2b4b6bf4a2c682f681

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ubuntu1.1_i386.deb
Size/MD5: 1124086 9ff534e9d6a717b340d448b486f5a8de

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.97.3-1ubuntu1.1_powerpc.deb
Size/MD5: 1245250 acaa9feaf12f20e42407d25103b698bd

-- Ubuntu 5.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.1-1ubuntu1.1.diff.gz
Size/MD5: 27760 5577e4835dca7dce5d857ca843c43358
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.1-1ubuntu1.1.dsc
Size/MD5: 722 f2690f9ed75e966362870c591e4e5a72
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.1.orig.tar.gz
Size/MD5: 2107583 afd8c23a32050be76e55c28ec9dcff73

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.1-1ubuntu1.1_all.deb
Size/MD5: 580362 af8e02b1ef292dc9e883a24b644d3e3f

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.1-1ubuntu1.1_amd64.deb
Size/MD5: 1418614 6d36f2bc13d16f87d8bed040dfdfcc0d

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.1-1ubuntu1.1_i386.deb
Size/MD5: 1204568 39d90181e76908dabf23d4bee37c220e

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-284-1

OTHER REFERENCES:
SA19910:
http://secunia.com/advisories/19910/

SA20116:
http://secunia.com/advisories/20116/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------