
Security Advisory: quagga security update

Advisory: RHSA-2006:0525-5
Type: Security Advisory
Severity: Moderate
Issued on: 2006-06-01
Last updated on: 2006-06-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-2223
CVE-2006-2224
CVE-2006-2276

Details

Updated quagga packages that fix several security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Quagga manages TCP/IP-based routing protocols. It takes a multi-server
and multi-thread approach to resolve the current complexity of the Internet.

An information disclosure flaw was found in the way Quagga interprets RIP
REQUEST packets. RIPd in Quagga will respond to RIP REQUEST packets for RIP
versions that have been disabled or that have authentication enabled,
allowing a remote attacker to acquire information about the local network.
(CVE-2006-2223)

A route injection flaw was found in the way Quagga interprets RIPv1
RESPONSE packets when RIPv2 authentication is enabled. It is possible for a
remote attacker to inject arbitrary route information into the RIPd routing
tables. This issue does not affect Quagga configurations where only RIPv2
is specified. (CVE-2006-2224)
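
The two RIP flaws above both come down to a datagram being processed without first being checked against the configured versions and authentication setting. The following is an added example, not code from Quagga or from Red Hat, of a strict acceptance check that closes both gaps; the policy inputs allowed_versions and auth_required and all sample datagrams are hypothetical and constructed for illustration.

```python
import struct

RIP_REQUEST, RIP_RESPONSE = 1, 2
AFI_AUTH = 0xFFFF  # RIPv2 marks an authentication entry with this address family


def accept_rip_packet(data, allowed_versions, auth_required):
    """Return (accepted, reason) for one RIP datagram under a local policy.

    allowed_versions and auth_required are hypothetical policy inputs standing
    in for the daemon's configured RIP versions and authentication setting.
    """
    if len(data) < 4:
        return False, "truncated header"
    command, version, _zero = struct.unpack("!BBH", data[:4])
    if command not in (RIP_REQUEST, RIP_RESPONSE):
        return False, "unsupported command"
    # Applies to REQUEST as well as RESPONSE: a disabled version gets no reply.
    if version not in allowed_versions:
        return False, "version disabled"
    if auth_required:
        # RIPv1 has no authentication field, so it can never satisfy the policy.
        if version == 1:
            return False, "RIPv1 cannot be authenticated"
        entries = data[4:]
        if len(entries) < 20:
            return False, "missing authentication entry"
        (afi,) = struct.unpack("!H", entries[:2])
        if afi != AFI_AUTH:
            return False, "first entry is not authentication"
        # Verifying the password or MD5 digest itself is out of scope here.
    return True, "ok"


def sample_packet(command, version, first_afi):
    """Build a constructed sample: 4-byte header plus one 20-byte entry."""
    return struct.pack("!BBH", command, version, 0) + struct.pack("!H18x", first_afi)


# Constructed sample datagrams (not captured traffic).
V1_REQUEST = sample_packet(RIP_REQUEST, 1, 0)
V1_RESPONSE = sample_packet(RIP_RESPONSE, 1, 2)
V2_RESPONSE_NOAUTH = sample_packet(RIP_RESPONSE, 2, 2)
V2_RESPONSE_AUTH = sample_packet(RIP_RESPONSE, 2, AFI_AUTH)
```

With authentication required, both RIPv1 samples and the unauthenticated RIPv2 response are rejected; only the RIPv2 datagram that leads with an authentication entry proceeds to credential verification.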

A denial of service flaw was found in Quagga's telnet interface. If an
attacker is able to connect to the Quagga telnet interface, it is possible
to cause Quagga to consume vast quantities of CPU resources by issuing a
malformed 'sh' command. (CVE-2006-2276)

Users of Quagga should upgrade to these updated packages, which contain
backported patches that correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

IA-32:
quagga-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 424c22075e47eaad5a39d1ffae6d12f0
quagga-contrib-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: ceb72b1d6d397937e95b265fe07506c2
quagga-devel-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2f723641cd3667ab3f71b3b037f3f1ee
 
x86_64:
quagga-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 3445db9b16c81b7949c292093447696e
quagga-contrib-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: b2e0ea7266db9aff12029cb12cfc5a59
quagga-devel-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ea23e24a534bae762383d659b2ea250
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
quagga-0.96.2-11.3E.i386.rpm
File outdated by:  RHSA-2007:0389
    MD5: 9161564a5722cb4bfe0ae7beb2b86057
 
IA-64:
quagga-0.96.2-11.3E.ia64.rpm
File outdated by:  RHSA-2007:0389
    MD5: c44d0a382713b4c0af22df5c1caa6d26
 
PPC:
quagga-0.96.2-11.3E.ppc.rpm
File outdated by:  RHSA-2007:0389
    MD5: 22137d5727fe3fc6ec094c792735a6ac
 
s390:
quagga-0.96.2-11.3E.s390.rpm
File outdated by:  RHSA-2007:0389
    MD5: 6b9f107b9c8e403cc70084e644047d60
 
s390x:
quagga-0.96.2-11.3E.s390x.rpm
File outdated by:  RHSA-2007:0389
    MD5: 23524c23823e5b2c5c936be3f924a2ba
 
x86_64:
quagga-0.96.2-11.3E.x86_64.rpm
File outdated by:  RHSA-2007:0389
    MD5: 8e752b034be7388f9487ccd502767699
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
quagga-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 424c22075e47eaad5a39d1ffae6d12f0
quagga-contrib-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: ceb72b1d6d397937e95b265fe07506c2
quagga-devel-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2f723641cd3667ab3f71b3b037f3f1ee
 
IA-64:
quagga-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 772fcd0889d99758eef81559e2921c18
quagga-contrib-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 240dbef8215983cace23e4ce75b17565
quagga-devel-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ed5fa5bda76e0c12e8fb37a78eb1c24
 
PPC:
quagga-0.98.3-2.4E.ppc.rpm
File outdated by:  RHSA-2010:0785
    MD5: c5e07e8add5263b5d6fd48ca8f626f86
quagga-contrib-0.98.3-2.4E.ppc.rpm
File outdated by:  RHSA-2010:0785
    MD5: 23b66824e77246d0d66288c960d59e23
quagga-devel-0.98.3-2.4E.ppc.rpm
File outdated by:  RHSA-2010:0785
    MD5: 08d3640a55e8c4324a3920f69520eaaa
 
s390:
quagga-0.98.3-2.4E.s390.rpm
File outdated by:  RHSA-2010:0785
    MD5: 046f86b73376db4020dbfb1e86035e68
quagga-contrib-0.98.3-2.4E.s390.rpm
File outdated by:  RHSA-2010:0785
    MD5: 9b98a6ede299736704f3d936f0b1d504
quagga-devel-0.98.3-2.4E.s390.rpm
File outdated by:  RHSA-2010:0785
    MD5: 0219dc67fd0a6ce68f872d8e3e4a4414
 
s390x:
quagga-0.98.3-2.4E.s390x.rpm
File outdated by:  RHSA-2010:0785
    MD5: 9bf4e48db2b520bc6b961439d83a7a93
quagga-contrib-0.98.3-2.4E.s390x.rpm
File outdated by:  RHSA-2010:0785
    MD5: 9c063760f39f25aad41268d84053fe71
quagga-devel-0.98.3-2.4E.s390x.rpm
File outdated by:  RHSA-2010:0785
    MD5: a91489306834d2101f437082aa6204ad
 
x86_64:
quagga-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 3445db9b16c81b7949c292093447696e
quagga-contrib-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: b2e0ea7266db9aff12029cb12cfc5a59
quagga-devel-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ea23e24a534bae762383d659b2ea250
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
quagga-0.96.2-11.3E.i386.rpm
File outdated by:  RHSA-2007:0389
    MD5: 9161564a5722cb4bfe0ae7beb2b86057
 
IA-64:
quagga-0.96.2-11.3E.ia64.rpm
File outdated by:  RHSA-2007:0389
    MD5: c44d0a382713b4c0af22df5c1caa6d26
 
x86_64:
quagga-0.96.2-11.3E.x86_64.rpm
File outdated by:  RHSA-2007:0389
    MD5: 8e752b034be7388f9487ccd502767699
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
quagga-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 424c22075e47eaad5a39d1ffae6d12f0
quagga-contrib-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: ceb72b1d6d397937e95b265fe07506c2
quagga-devel-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2f723641cd3667ab3f71b3b037f3f1ee
 
IA-64:
quagga-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 772fcd0889d99758eef81559e2921c18
quagga-contrib-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 240dbef8215983cace23e4ce75b17565
quagga-devel-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ed5fa5bda76e0c12e8fb37a78eb1c24
 
x86_64:
quagga-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 3445db9b16c81b7949c292093447696e
quagga-contrib-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: b2e0ea7266db9aff12029cb12cfc5a59
quagga-devel-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ea23e24a534bae762383d659b2ea250
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
quagga-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 424c22075e47eaad5a39d1ffae6d12f0
quagga-contrib-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: ceb72b1d6d397937e95b265fe07506c2
quagga-devel-0.98.3-2.4E.i386.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2f723641cd3667ab3f71b3b037f3f1ee
 
IA-64:
quagga-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 772fcd0889d99758eef81559e2921c18
quagga-contrib-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 240dbef8215983cace23e4ce75b17565
quagga-devel-0.98.3-2.4E.ia64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ed5fa5bda76e0c12e8fb37a78eb1c24
 
x86_64:
quagga-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 3445db9b16c81b7949c292093447696e
quagga-contrib-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: b2e0ea7266db9aff12029cb12cfc5a59
quagga-devel-0.98.3-2.4E.x86_64.rpm
File outdated by:  RHSA-2010:0785
    MD5: 2ea23e24a534bae762383d659b2ea250
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

191080 - CVE-2006-2223 Quagga RIPd information disclosure
191084 - CVE-2006-2224 Quagga RIPd route injection
191376 - CVE-2006-2276 quagga locks with command sh ip bgp


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/