ESB-2017.2163 - [SUSE] Quagga: Denial of service - Remote/unauthenticated 2017-08-30



===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2163
             SUSE Security Update: Security update for quagga
                              30 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Quagga
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Denial of Service -- Remote/Unauthenticated
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-5495 CVE-2016-1245 

Reference:        ESB-2017.0756
                  ESB-2016.2478
                  ESB-2016.2452
                  ESB-2016.2440

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for quagga
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2294-1
Rating:             important
References:         #1005258 #1021669 #1034273 
Cross-References:   CVE-2016-1245 CVE-2017-5495
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   erratum is now available.

Description:

   This update provides Quagga 1.1.1, which brings several fixes and
   enhancements.

   Security issues fixed:

   - CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory
     allocation. (bsc#1021669)
   - CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258)

   Bug fixes:

   - Do not enable zebra's TCP interface (port 2600); use the default UNIX
     socket for communication between the daemons instead. (fate#323170)

   Between 0.99.22.1 and 1.1.1 the following improvements have been
   implemented:

   - Changed the default of the 'link-detect' state, which controls whether
     zebra responds to link-state events and considers an interface to be down
     when its link is down. To retain the current behavior, save your config
     before updating; otherwise remove the 'link-detect' flag from your
     config prior to updating. There is also a new global 'default
     link-detect (on|off)' flag to configure the global default.
   - Greatly improved nexthop resolution for recursive routes.
   - Event driven nexthop resolution for BGP.
   - Route tags support.
   - Transport of TE related metrics over OSPF, IS-IS.
   - IPv6 Multipath for zebra and BGP.
   - Multicast RIB support has been extended. It still is IPv4 only.
   - RIP for IPv4 now supports equal-cost multipath (ECMP).
   - route-maps have a new action "set ipv6 next-hop peer-address".
   - route-maps have a new action "set as-path prepend last-as".
   - "next-hop-self all" to override nexthop on iBGP route reflector setups.
   - New pimd daemon provides IPv4 PIM-SSM multicast routing.
   - IPv6 address management has been improved regarding tentative addresses.
     This is visible in that a freshly configured address will not
     immediately be marked as usable.
   - Recursive route support has been overhauled. Scripts parsing "show ip
     route" output may need adaptation.
   - A large number of changes has been merged for ospf6d. Careful evaluation
     prior to deployment is recommended.
   - Multiprotocol peerings over IPv6 now try to find a more appropriate IPv4
     nexthop by looking at the interface.
   - Relaxed bestpath criteria for multipath and improved display of
     multipath routes in "show ip bgp". Scripts parsing this output may need
     to be updated.
   - Support for iBGP TTL security.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1407=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1407=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1407=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1407=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1407=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      quagga-debuginfo-1.1.1-17.3.3
      quagga-debugsource-1.1.1-17.3.3
      quagga-devel-1.1.1-17.3.3

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      quagga-debuginfo-1.1.1-17.3.3
      quagga-debugsource-1.1.1-17.3.3
      quagga-devel-1.1.1-17.3.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libfpm_pb0-1.1.1-17.3.3
      libfpm_pb0-debuginfo-1.1.1-17.3.3
      libospf0-1.1.1-17.3.3
      libospf0-debuginfo-1.1.1-17.3.3
      libospfapiclient0-1.1.1-17.3.3
      libospfapiclient0-debuginfo-1.1.1-17.3.3
      libquagga_pb0-1.1.1-17.3.3
      libquagga_pb0-debuginfo-1.1.1-17.3.3
      libzebra1-1.1.1-17.3.3
      libzebra1-debuginfo-1.1.1-17.3.3
      quagga-1.1.1-17.3.3
      quagga-debuginfo-1.1.1-17.3.3
      quagga-debugsource-1.1.1-17.3.3

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libfpm_pb0-1.1.1-17.3.3
      libfpm_pb0-debuginfo-1.1.1-17.3.3
      libospf0-1.1.1-17.3.3
      libospf0-debuginfo-1.1.1-17.3.3
      libospfapiclient0-1.1.1-17.3.3
      libospfapiclient0-debuginfo-1.1.1-17.3.3
      libquagga_pb0-1.1.1-17.3.3
      libquagga_pb0-debuginfo-1.1.1-17.3.3
      libzebra1-1.1.1-17.3.3
      libzebra1-debuginfo-1.1.1-17.3.3
      quagga-1.1.1-17.3.3
      quagga-debuginfo-1.1.1-17.3.3
      quagga-debugsource-1.1.1-17.3.3

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      libfpm_pb0-1.1.1-17.3.3
      libfpm_pb0-debuginfo-1.1.1-17.3.3
      libospf0-1.1.1-17.3.3
      libospf0-debuginfo-1.1.1-17.3.3
      libospfapiclient0-1.1.1-17.3.3
      libospfapiclient0-debuginfo-1.1.1-17.3.3
      libquagga_pb0-1.1.1-17.3.3
      libquagga_pb0-debuginfo-1.1.1-17.3.3
      libzebra1-1.1.1-17.3.3
      libzebra1-debuginfo-1.1.1-17.3.3
      quagga-1.1.1-17.3.3
      quagga-debuginfo-1.1.1-17.3.3
      quagga-debugsource-1.1.1-17.3.3
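   A post-patch verification check, added here as an example and not part of the
   SUSE or AusCERT bulletin: it compares an installed quagga version-release
   (as printed by rpm on the affected products) against the fixed build
   1.1.1-17.3.3 from the Package List above. The sample version strings in the
   loop are constructed; the release numbers on the pre-1.1.1 versions are invented.

```shell
#!/bin/sh
# Added example, not part of the SUSE or AusCERT bulletin: decide whether an
# installed quagga build is at or above the fixed release 1.1.1-17.3.3 listed
# in the Package List. On a SUSE host the installed version-release comes from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' quagga
# Only numeric dot/dash separated fields are handled (as in these packages).

FIXED_VERSION="1.1.1-17.3.3"

# Compare two version-release strings field by field, numerically.
# Prints 0 when equal, 1 when $1 is newer, 2 when $1 is older.
version_cmp() {
    # Normalise '-' to '.' and add a trailing '.' so cut always sees a delimiter
    # and yields an empty string once the fields run out.
    a=$(printf '%s.' "$1" | tr '-' '.')
    b=$(printf '%s.' "$2" | tr '-' '.')
    i=1
    while :; do
        fa=$(printf '%s' "$a" | cut -d. -f"$i")
        fb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$fa" ] && [ -z "$fb" ]; then
            echo 0; return 0
        fi
        fa=${fa:-0}; fb=${fb:-0}   # a missing trailing field counts as 0
        if [ "$fa" -gt "$fb" ]; then echo 1; return 0; fi
        if [ "$fa" -lt "$fb" ]; then echo 2; return 0; fi
        i=$((i + 1))
    done
}

# True (exit 0) when the installed version-release is not older than the fix.
is_patched() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" != 2 ]
}

# Human-readable verdict for one installed version-release string.
check_version() {
    if is_patched "$1"; then
        echo "quagga $1: PATCHED (>= $FIXED_VERSION; CVE-2016-1245, CVE-2017-5495 fixed)"
    else
        echo "quagga $1: VULNERABLE (older than $FIXED_VERSION)"
    fi
}

# Constructed sample inputs, not captured from a real host; the release
# numbers attached to the pre-1.1.1 versions are invented for illustration.
for v in 0.99.22.1-2.1 1.1.1-17.3.2 1.1.1-17.3.3 1.1.1-17.3.10; do
    check_version "$v"
done
```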


References:

   https://www.suse.com/security/cve/CVE-2016-1245.html
   https://www.suse.com/security/cve/CVE-2017-5495.html
   https://bugzilla.suse.com/1005258
   https://bugzilla.suse.com/1021669
   https://bugzilla.suse.com/1034273

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
