Re: [SECURITY] [DSA 3654-1] quagga security update

[Steven Conrad Bayer <steven.bayer@neunzichgrad.de>]

Hello Daniel,

you can unsubscribe from list here:
https://lists.debian.org/debian-security/

Regards,

Steven

Am 26.08.2016 um 13:04 schrieb Daniel Chen:
> unsubscrbe > > > On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond <seb@debian.org <mailto:seb@debian.org>> wrote: >

-------------------------------------------------------------------------
Debian Security Advisory DSA-3654-1                   security@debian.org <mailto:security@debian.org>
https://www.debian.org/security/ <https://www.debian.org/security/>                       Sebastien Delafond
August 26, 2016                       https://www.debian.org/security/faq <https://www.debian.org/security/faq>
-------------------------------------------------------------------------

Package        : quagga
CVE ID         : CVE-2016-4036 CVE-2016-4049
Debian Bug     : 822787 835223

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing
daemon.

  CVE-2016-4036

     Tamás Németh discovered that sensitive configuration files in
     /etc/quagga were world-readable despite containing sensitive
     information.

  CVE-2016-4049

    Evgeny Uskov discovered that a bgpd instance handling many peers
    could be crashed by a malicious user when requesting a route dump.

For the stable distribution (jessie), these problems have been fixed in
version 0.99.23.1-1+deb8u2.

We recommend that you upgrade your quagga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/ <https://www.debian.org/security/>

Mailing list: debian-security-announce@lists.debian.org <mailto:debian-security-announce@lists.debian.org>

> > > > > > **************** CAUTION - Disclaimer ***************** > > *This e-mail communication (including any and all attachments transmitted with it) may contain legally privileged and confidential information and is intended solely for the use of the recipient named. If the reader of this e-mail communication is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this e-mail communication (including any and all attachments), or any of its contents, is strictly prohibited. If you have received this e-mail communication in error, please notify the sender immediately by electronic mail (sender's e-mail address). Thereafter, immediately delete the original e-mail communication (including any and all attachments), all copies, including but not limited to, all backups thereof from your computer system.  Thank you* > > ****************** End of Disclaimer ***OliveTech****** > >

--

*
****Steven Conrad Bayer*
System Administrator

Mobil:        +49 (0) 157 34 81 46 53
E-Mail:       steven.bayer@neunzichgrad.de <mailto:steven.bayer@neunzichgrad.de>

NEUNZICHGRAD Logo

*NEUNZICHGRAD UG (haftungsbeschränkt)*
Starenweg 2 in 41564 Kaarst

Festnetz:    +49 (0) 2131 79 66 11
E-Mail:        info@neunzichgrad.de <mailto:info@neunzichgrad.de>
Web:           www.neunzichgrad.de <https://neunzichgrad.de>

Deutsche Bank
BIC:      DEUTDEDDXXX
IBAN:   DE52 3007 0010 0957 9590 00
Handelsregister Neuss HRB 17285

CONFIDENTIALITY NOTICE: This message (including any attachments) contains information that may be confidential. Unless you are the intended recipient
(or authorized to receive for the intended recipient, you may not read, print, retain, use, copy, distribute or disclose to anyone the message or any information contained in the message.
If you have received the message in error, please advise the sender by reply e-mail, and destroy all copies of the original message (including any attachments)