quagga-0.99.15-14.AXS4

Errata ID: AXSA:2017-1369:01

Release date: 
Wednesday, March 22, 2017 - 22:08
Subject: 
quagga-0.99.15-14.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Quagga is free software that implements TCP/IP-based routing
protocols. It takes a multi-server, multi-thread approach to address
the current complexity of the Internet.

Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.

Quagga is intended to be used as a Route Server and a Route Reflector. It is
not a toolkit; it provides full routing power under a new architecture.
By design, Quagga runs a separate process for each protocol.

Quagga is a fork of GNU Zebra.

Security issues fixed with this release:

CVE-2013-2236
Stack-based buffer overflow in the new_msg_lsa_change_notify function
in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when
--enable-opaque-lsa and the -a command line option are used, allows
remote attackers to cause a denial of service (crash) via a large LSA.
CVE-2016-1245
It was discovered that the zebra daemon in Quagga before 1.0.20161017
suffered from a stack-based buffer overflow when processing IPv6
Neighbor Discovery messages. The root cause was relying on BUFSIZ to be
compatible with a message size; however, BUFSIZ is system-dependent.
CVE-2016-2342
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI
parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4
configuration is used, relies on a Labeled-VPN SAFI routes-data length
field during a data copy, which allows remote attackers to execute
arbitrary code or cause a denial of service (stack-based buffer
overflow) via a crafted packet.
CVE-2016-4049
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does
not perform size checks when dumping data, which might allow remote
attackers to cause a denial of service (assertion failure and daemon
crash) via a large BGP packet.
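The four entries above (CVE-2013-2236, CVE-2016-1245, CVE-2016-2342 and CVE-2016-4049) share one root cause: a length taken from the packet, or an assumption about a buffer's size, decides how much is copied without being checked against the destination. The following C program is an added example and is not Quagga's code. It models the Labeled-VPN NLRI layout behind CVE-2016-2342 (one prefix-length byte in bits, a 3-byte label, an 8-byte Route Distinguisher, then the IPv4 prefix bytes) with a parser that trusts the length byte beside one that bounds it. The function and type names, the constants and the sample NLRIs are constructed for this example; `parse_vpnv4_unchecked` is kept only for comparison and must not be run on the crafted inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define VPN_LABEL_LEN 3u
#define VPN_RD_LEN    8u
#define VPN_HDR_LEN   (VPN_LABEL_LEN + VPN_RD_LEN)   /* 11 bytes = 88 bits */
#define IPV4_MAX_LEN  4u

/* Decoded route (example type, not Quagga's). prefix[] is the fixed-size
 * destination that an oversized copy overruns. */
struct vpnv4_route {
    uint32_t label;                 /* 20-bit MPLS label */
    uint8_t  rd[VPN_RD_LEN];        /* Route Distinguisher */
    uint8_t  prefix[IPV4_MAX_LEN];  /* IPv4 prefix bytes */
    uint8_t  prefixlen;             /* IPv4 prefix length in bits, 0..32 */
};

static size_t bytes_for_bits(unsigned bits) { return (bits + 7) / 8; }

/* 20-bit label sits in the top bits of the 3-byte field. */
static uint32_t decode_label(const uint8_t *p)
{
    return ((uint32_t)p[0] << 12) | ((uint32_t)p[1] << 4) | ((uint32_t)p[2] >> 4);
}

/* Vulnerable pattern (comparison only, never feed it untrusted data): the
 * copy length comes from the wire length byte and is checked only against
 * the packet, not against the 4-byte prefix array. A length byte of 248
 * gives psize 31 and copies 20 bytes into 4; a length byte below 88 makes
 * psize - VPN_HDR_LEN wrap to a huge size_t.
 * Returns bytes consumed, or -1 if the packet is shorter than claimed. */
int parse_vpnv4_unchecked(const uint8_t *pnt, size_t lim, struct vpnv4_route *out)
{
    if (lim < 1)
        return -1;
    unsigned prefixlen = pnt[0];
    size_t psize = bytes_for_bits(prefixlen);
    if (1 + psize > lim)
        return -1;
    out->label = decode_label(pnt + 1);
    memcpy(out->rd, pnt + 1 + VPN_LABEL_LEN, VPN_RD_LEN);
    out->prefixlen = (uint8_t)(prefixlen - VPN_HDR_LEN * 8);
    memcpy(out->prefix, pnt + 1 + VPN_HDR_LEN, psize - VPN_HDR_LEN); /* unbounded */
    return (int)(1 + psize);
}

/* Hardened version: the wire length must cover label+RD and may not exceed
 * label+RD+IPv4, so the copy into prefix[] is provably 0..4 bytes. */
int parse_vpnv4_checked(const uint8_t *pnt, size_t lim, struct vpnv4_route *out)
{
    if (lim < 1)
        return -1;
    unsigned prefixlen = pnt[0];
    if (prefixlen < VPN_HDR_LEN * 8 || prefixlen > (VPN_HDR_LEN + IPV4_MAX_LEN) * 8)
        return -1;
    size_t psize = bytes_for_bits(prefixlen);
    if (1 + psize > lim)
        return -1;
    size_t ipsize = psize - VPN_HDR_LEN;          /* 0..4 after the checks above */
    memset(out, 0, sizeof *out);
    out->label = decode_label(pnt + 1);
    memcpy(out->rd, pnt + 1 + VPN_LABEL_LEN, VPN_RD_LEN);
    out->prefixlen = (uint8_t)(prefixlen - VPN_HDR_LEN * 8);
    memcpy(out->prefix, pnt + 1 + VPN_HDR_LEN, ipsize);
    return (int)(1 + psize);
}

/* Constructed sample: 10.1.0.0/16, label 100, RD 65000:1, 104-bit length. */
const uint8_t benign_nlri[] = {
    0x68,                                           /* 104 = 88 + 16 bits */
    0x00, 0x06, 0x41,                               /* label 100, S bit set */
    0x00, 0x00, 0xFD, 0xE8, 0x00, 0x00, 0x00, 0x01, /* RD type 0, 65000:1 */
    0x0A, 0x01                                      /* 10.1 */
};
/* Constructed crafted NLRI: claims 248 bits, i.e. 20 bytes of IPv4 prefix. */
const uint8_t oversized_nlri[32] = { 0xF8 };
/* Constructed crafted NLRI: claims 64 bits, shorter than label+RD. */
const uint8_t undersized_nlri[9] = { 0x40 };

struct vpnv4_route scratch_route;

int main(void)
{
    int n = parse_vpnv4_checked(benign_nlri, sizeof benign_nlri, &scratch_route);
    printf("benign: consumed %d, label %u, prefix %u.%u.%u.%u/%u\n", n,
           scratch_route.label, scratch_route.prefix[0], scratch_route.prefix[1],
           scratch_route.prefix[2], scratch_route.prefix[3], scratch_route.prefixlen);
    printf("oversized: %d\n",
           parse_vpnv4_checked(oversized_nlri, sizeof oversized_nlri, &scratch_route));
    printf("undersized: %d\n",
           parse_vpnv4_checked(undersized_nlri, sizeof undersized_nlri, &scratch_route));
    return 0;
}
```

Both crafted inputs pass the unchecked parser's only test (the packet is as long as the length byte claims), which is exactly why a check against the packet alone is not enough; the hardened parser rejects them before any copy happens.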
CVE-2017-5495
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an
unbounded memory allocation in the telnet 'vty' CLI, leading to a
Denial-of-Service of Quagga daemons, or even the entire host. When
Quagga daemons are configured with their telnet CLI enabled, anyone who
can connect to the TCP ports can trigger this vulnerability, prior to
authentication. Most distributions restrict the Quagga telnet interface
to local access only by default. The Quagga telnet interface 'vty'
input buffer grows automatically, without bound, so long as a newline
is not entered. This allows an attacker to cause the Quagga daemon to
allocate unbounded memory by sending very long strings without a
newline. Eventually the daemon is terminated by the system, or the
system itself runs out of memory. This is fixed in Quagga 1.1.1 and
Free Range Routing (FRR) Protocol Suite 2017-01-10.
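The unbounded growth described for CVE-2017-5495 is a different class from the overflows above: nothing is corrupted, the daemon simply allocates as much as an unauthenticated client sends. The following C program is an added example and is not Quagga's vty code. It is a line accumulator with an optional per-line cap, fed a normal command and then a newline-free flood, and it shows that the uncapped reader's allocation tracks the input while the capped one stops and signals the caller to drop the session. The names, the 4096-byte limit and the inputs are choices made for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* One client's pending command line (example type, not Quagga's).
 * max == 0 reproduces the unbounded behaviour; non-zero caps the line. */
struct vty_line {
    char  *buf;
    size_t len;   /* bytes accumulated, excluding the terminating NUL */
    size_t cap;   /* bytes allocated */
    size_t max;   /* 0 = no limit (vulnerable), else longest accepted line */
};

/* Make room for `need` bytes (including NUL). Growth doubles, as a typical
 * auto-growing buffer does, but never beyond max + 1 when max is set. */
static int vty_reserve(struct vty_line *l, size_t need)
{
    if (need <= l->cap)
        return 0;
    if (l->max && need > l->max + 1)
        return -1;
    size_t ncap = l->cap ? l->cap : 128;
    while (ncap < need)
        ncap *= 2;
    if (l->max && ncap > l->max + 1)
        ncap = l->max + 1;
    char *nb = realloc(l->buf, ncap);
    if (!nb)
        return -1;
    l->buf = nb;
    l->cap = ncap;
    return 0;
}

/* Feed one received byte. Returns 1 when a complete NUL-terminated line is
 * in buf, 0 when more input is needed, -1 when the line limit (or memory)
 * is exhausted and the caller should close the session. */
int vty_feed_byte(struct vty_line *l, unsigned char c)
{
    if (c == '\n') {
        if (vty_reserve(l, l->len + 1) < 0)
            return -1;
        l->buf[l->len] = '\0';
        return 1;
    }
    if (vty_reserve(l, l->len + 2) < 0)   /* new byte plus NUL */
        return -1;
    l->buf[l->len++] = (char)c;
    return 0;
}

/* Feed a NUL-terminated chunk; returns the status of the last byte fed. */
int vty_feed_str(struct vty_line *l, const char *s)
{
    int st = 0;
    for (; *s; s++)
        if ((st = vty_feed_byte(l, (unsigned char)*s)) != 0)
            break;
    return st;
}

/* Simulate an unauthenticated client sending nbytes of 'A' with no newline.
 * Returns how many bytes the reader accepted before refusing (nbytes if it
 * never refused). */
size_t vty_flood(struct vty_line *l, size_t nbytes)
{
    size_t accepted = 0;
    while (accepted < nbytes && vty_feed_byte(l, 'A') == 0)
        accepted++;
    return accepted;
}

void vty_free(struct vty_line *l) { free(l->buf); l->buf = NULL; l->len = l->cap = 0; }

/* Constructed sessions: a capped one for a normal command, and one of each
 * kind for the flood. */
struct vty_line vty_cmd       = { .max = 4096 };
struct vty_line vty_unbounded = { .max = 0 };
struct vty_line vty_bounded   = { .max = 4096 };

int main(void)
{
    vty_feed_str(&vty_cmd, "show ip bgp\n");
    printf("command: \"%s\"\n", vty_cmd.buf);
    size_t flood = (size_t)1 << 20;
    printf("unbounded accepted %zu bytes, allocated %zu\n",
           vty_flood(&vty_unbounded, flood), vty_unbounded.cap);
    printf("bounded accepted %zu bytes, allocated %zu\n",
           vty_flood(&vty_bounded, flood), vty_bounded.cap);
    vty_free(&vty_cmd);
    vty_free(&vty_unbounded);
    vty_free(&vty_bounded);
    return 0;
}
```

A 1 MiB flood is enough to make the point here; on a real listener the same loop runs per connection and for as long as the client keeps sending, so the cap needs to sit before authentication, where the page says the vulnerability is reachable.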

Additional Changes:

Solution: 

Update package.

Additional Info: 

N/A

Download: 

SRPMS
  1. quagga-0.99.15-14.AXS4.src.rpm
    MD5: d4b53402f52d111a4da860f0942a1dc0
    SHA-256: 4782075542329d4e57a4e9c3d354286e6fdc2153bdf9c8241b3be4139f54c89b
    Size: 2.16 MB

Asianux Server 4 for x86
  1. quagga-0.99.15-14.AXS4.i686.rpm
    MD5: cd91494c4da5e55ba9fa425908f086f0
    SHA-256: 9b761fb9ff38c718d76f65c03a84642112e80d1e1d83c21a2c413c277da6d85c
    Size: 1.04 MB

Asianux Server 4 for x86_64
  1. quagga-0.99.15-14.AXS4.x86_64.rpm
    MD5: b9c3ead7fc62d747c509f883f6d48a4d
    SHA-256: 3b3efe896714367bb5035f09fc23a489d8d617837374b52f5c43e82a5ed12ba4
    Size: 1.06 MB