Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2747 quagga security update 31 October 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: quagga Publisher: Debian Operating System: Debian GNU/Linux 8 Debian GNU/Linux 9 UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-16227 Original Bulletin: http://www.debian.org/security/2017/dsa-4011 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running quagga check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4011-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : quagga CVE ID : CVE-2017-16227 Debian Bug : 879474 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity. For the oldstable distribution (jessie), this problem has been fixed in version 0.99.23.1-1+deb8u4. For the stable distribution (stretch), this problem has been fixed in version 1.1.1-3+deb9u1. We recommend that you upgrade your quagga packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAln3hTFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T8YA//dSQ0B+YeZ9Za852evhaIDQe0VmCy/q8ilGzvIRSdl3gAWm3WcG7RNnc1 J6iXtBrR6TzaXLC82vQpOLUjHrlwZdiyQqyA5hMUP+tNnP9jnU8eNYgDEgr86DkR ICV/cTPV0ZYXus68zXlElQGcnMny3DXD3nR7u1BlF7bYUB7r6xTUS2qvxV423XeZ Gor7LJhmBuIykmJcQuMIR6CUNsXSHa7ZB7ebREG7ltF6oPMRpwD4ekZN70RskAAA HXO29RR3Fio+oN36sT8gVsG1WSaKioPttQ+EmeoIy2UhoP92DQNw7YXhZzz94XE4 cTcTgLd5vCjNNwVU+I/zo1tAx54MJZRyPWcLtKnQ+/Q6Cw3FDQNWaBNKPI8FxnHu gZKotp8sJa+Om3cZirxLDTY+dA/1cJ6frJTMpqKovGJ0pOh7SikPXqdu5VfcBwA8 howsGEHxK+8IC30lYUIK85Qe9byZC0gQPok51hR1+jBJO4zFqeMRkNjw9TKPqoA9 RBGumvS0jR/rBJWaSjpfj2idTqzNYsK11lgfrD+ZvnWQuQniWGHhtwrp0JHRop8u IAcpJWxVYqO0+CJiez4Gj35XBVaYx5f5vZ6nYYxUwIzwuBOpgdeNx/Xs5axsWohT eyq4GwigItHnBb/Hw9R8Mxx78PnHNoC8kWOS1iXRtPMAZuokLtM= =EjLm - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWfff/4x+lLeg9Ub1AQhtKg//YGb+zrpzFaviqyGo31GNXw5joRKpVZcZ eg3ex8ziJ8Z8o3i1BsYHBPMj4r2lnzEwV4rSsU+8109F9dbKMd9aMkQxitwxQyh5 fT/ofPojvBw0jm8QYkigiE6HTvPfBi/Guh8CNdnK9D1D+flDgobq8BtgvFZRUbd5 yIWGbmtRjHD+J5k9WLd+9gf4pCIlJyYa4HEYPhlUs/pg6MlZSMKrGXf7IYbzCdQS eg/sTsz2IgkwDdQZtV/uqFHbWj5OXVuyWlv3JOYgraTnUloQjJpLDhmDpH11oJAt DHyFTZQZPx+kqIKmCtoalgjJcYRm+iBUkgCiBfqPVTwdPMNHvHjXKwdyaXhlvO3P RqbQSeoCqyKrVzZmDl9EzD1QqTNbsjvxU8OweUqUu9y1cRv//5lTwI3jmrc/9SK1 HgBbq/IU7OVxGwwaq9hE307vwyKWW+qYHzdyzmR1lagmQETIUogDyLLHBocZyE0c bE1KkoER1pZ3TWwJ91Xz3U8kHDOKzhWZ+q80Xg+4NbEzm7VTj1r3dpKZqVrNX47J 8kYTKT90+c2rKVEBdhFEwookSSPwTer1Izy+/vS6lQh22fZTKsSiHjFs6YDagsik 8/qv0BodzhzbIOHkDuFsPSlr9RvI0klsRNA6roVShGGl2cqzh6r4EFmwBr7s5Hsd okcgY2uPKR0= =HJRH -----END PGP SIGNATURE-----