Re: [Full-disclosure] [SECURITY] [DSA 1787-1] New quagga packages fix denial of service
--
Nicolas Lidzborski
Sr. Security Engineer
Qualys, Inc.
----- Original Message -----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx <full-disclosure-bounces@xxxxxxxxxxxxxxxxx>
To: debian-security-announce@xxxxxxxxxxxxxxxx <debian-security-announce@xxxxxxxxxxxxxxxx>
Sent: Mon May 04 13:19:03 2009
Subject: [Full-disclosure] [SECURITY] [DSA 1787-1] New quagga packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1788-1 security@xxxxxxxxxx
link://[click] Florian Weimer
May 04, 2009 link://[click]
- ------------------------------------------------------------------------
Package : quagga
Vulnerability : improper assertion
Problem type : remote
Debian-specific: no
Debian Bug : 526311
It was discovered that Quagga, an IP routing daemon, could no longer
process the Internet routing table due to broken handling of multiple
4-byte AS numbers in an AS path. If such a prefix is received, the
BGP daemon crashes with an assert failure, leading to a denial of
service.
The old stable distribution (etch) is not affected by this issue.
For the stable distribution (lenny), this problem has been fixed in
version 0.99.10-1lenny2.
For the unstable distribution (sid), this problem has been fixed in
version 0.99.11-2.
We recommend that you upgrade your quagga package.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb link://[click] stable/updates main
For dpkg-ftp: link://[click] dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and link://[click]<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]