|
|
Subscribe / Log in / New account

Ubuntu alert USN-7017-1 (quagga)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-7017-1] Quagga vulnerability


Date:
              Tue, 17 Sep 2024 12:33:21 -0400


Message-ID:
              <a520bf32-8283-4447-b429-4d6974aea288@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7017-1
September 17, 2024

quagga vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Quagga could be made to crash if it received specially crafted network
traffic.

Software Description:
- quagga: BGP/OSPF/RIP routing daemon

Details:

Iggy Frankovic discovered that Quagga incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   quagga                          1.2.4-4ubuntu0.5
   quagga-bgpd                     1.2.4-4ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7017-1
   CVE-2024-44070

Package Information:
   https://launchpad.net/ubuntu/+source/quagga/1.2.4-4ubuntu0.5





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmbpr1EACgkQZWnYVadE
vpPJZA/+LIzywFsvntC3FO5zsujxrJ+Nsaw8hGoqoVmjg9sboj9Cul03UIcxrYGb
jQBF+shIxhR7wbtMKBzqW0r//gUEl3IZFx8i2rFC05TWxk7pGfKIFgLN9AhPLxci
0J+QgO0WWiltsm4/1265ZeIyQjJitj9Ll0byNkGCL2dEJ78loLgLfbfNbIwHyO+a
hV0yTD02wTLo5xeULSzC1w/ju3lTgymcmEiMVZGotIRZycoGafoWFxwypcBE6nCS
fMaiBWN5xY9Psctd7m2tjNJeyzpX0q8l8pPkIN6sLjGElkPiVCvYpsqaiGTbdw/C
Ayw49o8K0ja/6nJmovmV1HFjPV/Lmoui88mCq4OKq9/mAiq1GJddYwf0vQpb5OJa
o821RNAkGMz3YlBXcSBnnlAu3IzxrIgPySe7ymMji+IB9r7Sw7H6EeAxlVjxiZa5
XOAvgt4UnyChR8cwvCvdYDIvyXRO4ZLQLUj1Gr01O2DZ6q0uImByiArW+GSEhpjb
2zFpWHpMhryE4F3T43sjvCrVgb8PsWGqQijqQbpiS6pfUTfIX6NdME+S/1otYnUA
1vpyUMIcAu5IWOfuzHU4scVps9QfCFMunLp+6NBmj5Z7c4qy1Ti7yWS2jCDJ4FQq
NVZsO0wChAKG966zRXy6SzPgpyj92J2rRTku2I+Q5G3uh0loo+Q=
=X5ac
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds