-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3532-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : quagga CVE ID : CVE-2016-2342 Debian Bug : 819179 Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4. For the oldstable distribution (wheezy), this problem has been fixed in version 0.99.22.4-1+wheezy2. For the stable distribution (jessie), this problem has been fixed in version 0.99.23.1-1+deb8u1. We recommend that you upgrade your quagga packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJW9/cBAAoJEAVMuPMTQ89EexkP/2oxhCmf6B/94AmfzsK7bCKj zkK/TkthZimJvoacgplS2yP/nwkNtmF8Is1NVQ7IVar0cuuma0tlOi4E9YOg1FOr uD8lCzSzwfzaZJmoxnkuKzoK3imcBh5ofd0byljtYINH9/bufz1THB3POLDviAXj VS0tGQKmU1NuKJir0XkDCDLs3pmlAIqVbPbji7ZoT2/PLmVC0xw1dn1rOPdPkonv 83DEVnViLQqn1mfOUK8SvhLtv8L2OF9zoU80YS6124TfepAsQ97tKvOgd0MVzCkI lXzSF4x56BPyr93QvhDNQReAbUzZ3S9fhe72nm6qXdMSejXNd3mrL2dILoxiEcw7 b5Ww6Zlux7rOCGczvTD9MPhqcVt9Hmbvltr++hYQdxxVkc7bPhbR1fdDuJa00sqc Ui2KCUmtBrmZSTfHGpXfkmRre9+MtSkcC+nzNd52zVLR7pDQL6+dPejLqdVnu0ZO xGXozu3tP352bO5D9JGfj/mMtEVluF/Co++DM5rMPzIFr0057AijrgdklNqMwpsF unNZ6Kyz/S/g1wIHUKQpLfCaILRoD/2BetDIonmSCgmdKOT6s3nIY3AZDCcPVl7h 981IlMOybP+dTyKrxCp4TfirgW6duk9GdWyfs0mwO3M5k4YEyhMSGexkg2zBU/oI T66YgV7DRQWl1FsJf5mh =CrC5 -----END PGP SIGNATURE-----