Two security vulnerabilities have been identified in the Quagga software package for the Fedora 13 and 14 operating systems. The package is used to implement the BGP, OSPF and RIP network protocols for routing IP packets. The vulnerabilities are caused by errors in the "extended-community" parser and by irregularities in the "bgpd" daemon. They allow an attacker to carry out a denial-of-service attack. Users are encouraged to install the updated packages.

Fedora Update Notification
2011-03-23 22:07:42

Name        : quagga
Product     : Fedora 13
Version     : 0.99.18
Release     : 1.fc13
URL         : http://www.quagga.net
Summary     : Routing daemon
Description :
Quagga is a free software that manages TCP/IP based routing
protocol. It takes multi-server and multi-thread approach to resolve
the current complexity of the Internet.

Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.

Quagga is intended to be used as a Route Server and a Route Reflector. It is
not a toolkit, it provides full routing power under a new architecture.
Quagga by design has a process for each protocol.

Quagga is a fork of GNU Zebra.


* Wed Mar 23 2011 Jiri Skala - 0.99.18-1
- fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws
- fixes #689763 - updated to latest upstream version 0.99.18
* Tue Aug 31 2010 Jiri Skala - 0.99.17-1
- update to latest upstream
- fixes #628981 - CVE-2010-2948 and CVE-2010-2949
* Fri Jun 11 2010 Jiri Skala - 0.99.15-3
- fixes #602851 - ships PAM config file, even though PAM is disabled
* Tue Jan 26 2010 Jiri Skala - 0.99.15-2
- changes in spec file and init scripts (#226352)

  [ 1 ] Bug #654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed
extended community attribute in a route
  [ 2 ] Bug #654614 - CVE-2010-1675 quagga: BGP session reset by processing BGP
Update message with malformed AS-path attributes

This update can be installed with the "yum" update program.  Use 
su -c 'yum update quagga' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Fedora Update Notification
2011-03-23 22:07:53

Name        : quagga
Product     : Fedora 14
Version     : 0.99.18
Release     : 1.fc14
URL         : http://www.quagga.net
Summary     : Routing daemon
Description :
Quagga is a free software that manages TCP/IP based routing
protocol. It takes multi-server and multi-thread approach to resolve
the current complexity of the Internet.

Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.

Quagga is intended to be used as a Route Server and a Route Reflector. It is
not a toolkit, it provides full routing power under a new architecture.
Quagga by design has a process for each protocol.

Quagga is a fork of GNU Zebra.


* Wed Mar 23 2011 Jiri Skala - 0.99.18-1
- fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws
- fixes #689763 - updated to latest upstream version 0.99.18

  [ 1 ] Bug #654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed
extended community attribute in a route
  [ 2 ] Bug #654614 - CVE-2010-1675 quagga: BGP session reset by processing BGP
Update message with malformed AS-path attributes

This update can be installed with the "yum" update program.  Use 
su -c 'yum update quagga' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
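
The changelog in the notifications above records which build fixed which CVE, so it can be used to audit a host. The following is an added example, not part of the Fedora notification or the Quagga project: it parses those changelog lines and lists the CVEs still open for a given installed version-release. The function names are hypothetical, and the version comparison is a simplified numeric one, not RPM's full algorithm.

```python
import re

# Changelog lines copied from the Fedora 13 notification (e-mail residue omitted).
CHANGELOG = """\
* Wed Mar 23 2011 Jiri Skala - 0.99.18-1
- fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws
- fixes #689763 - updated to latest upstream version 0.99.18
* Tue Aug 31 2010 Jiri Skala - 0.99.17-1
- update to latest upstream
- fixes #628981 - CVE-2010-2948 and CVE-2010-2949
* Fri Jun 11 2010 Jiri Skala - 0.99.15-3
- fixes #602851 - ships PAM config file, even though PAM is disabled
"""

HEADER = re.compile(r"^\* .* - (\d[\w.]*-\d+)\s*$")  # "* date packager - ver-rel"
CVE = re.compile(r"CVE-\d{4}-\d+")

def vr_key(version_release):
    """Map '0.99.18-1' or '0.99.18-1.fc13' to a comparable key.
    Assumption: dotted numeric versions only (enough for these builds)."""
    version, _, release = version_release.partition("-")
    rel = re.match(r"\d+", release)
    return (tuple(int(p) for p in version.split(".")),
            int(rel.group()) if rel else 0)

def parse_changelog(text):
    """Return [(version_release, [CVE ids])], one item per changelog entry."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), [])
            entries.append(current)
        elif current is not None:
            current[1].extend(CVE.findall(line))
    return entries

def unfixed_cves(installed, changelog=CHANGELOG):
    """CVEs fixed only in builds newer than the installed version-release."""
    have = vr_key(installed)
    return sorted(cve for vr, cves in parse_changelog(changelog)
                  if vr_key(vr) > have for cve in cves)

if __name__ == "__main__":
    # Constructed sample inputs, one per build named in the changelog.
    for build in ("0.99.15-3.fc13", "0.99.17-1.fc13", "0.99.18-1.fc13"):
        print(build, "->", unfixed_cves(build) or "nothing outstanding")
```

On a real host the installed value can be read with rpm -q --qf '%{VERSION}-%{RELEASE}\n' quagga and passed to unfixed_cves().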
