A security issue in quagga has been announced today (April 27): http://openwall.com/lists/oss-security/2016/04/27/7 A patch to fix the issue has been included in the message above. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
(In reply to David Walser from comment #0) > A security issue in quagga has been announced today (April 27): > http://openwall.com/lists/oss-security/2016/04/27/7 > > A patch to fix the issue has been included in the message above. > > Mageia 5 is also affected. Assigning to all packagers collectively, since there is no maintainer for this package. @ Philippem Do I need to CC you separately when assigning a security bug to pkg-bugs@ml for a package that doesn't have a maintainer?
CC: (none) => makowski.mageia, marja11Assignee: bugsquad => pkg-bugs
(In reply to Marja van Waes from comment #1) > (In reply to David Walser from comment #0) > > A security issue in quagga has been announced today (April 27): > > http://openwall.com/lists/oss-security/2016/04/27/7 > > > > A patch to fix the issue has been included in the message above. > > > > Mageia 5 is also affected. > > Assigning to all packagers collectively, since there is no maintainer for > this package. > > @ Philippem > > Do I need to CC you separately when assigning a security bug to pkg-bugs@ml > for a package that doesn't have a maintainer? You can yes
Assignee: pkg-bugs => makowski.mageia
Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated quagga packages fix security vulnerability: A denial of dervice vulnerability have been found in BGP daemon from Quagga routing software (bgpd): if the following conditions are satisfied: - regular dumping is enabled - bgpd instance has many BGP peers then BGP message packets that are big enough cause bgpd to crash. The situation when the conditions above are satisfied is quite common. Moreover, it is easy to craft a packet which is much "bigger" than a typical packet, and hence such crafted packet can much more likely cause the crash (CVE-2016-4049). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4049 http://openwall.com/lists/oss-security/2016/04/27/7 ======================== Updated packages in core/updates_testing: ======================== quagga-0.99.22.4-4.2.mga5 quagga-contrib-0.99.22.4-4.2.mga5 libquagga0-0.99.22.4-4.2.mga5 libquagga-devel-0.99.22.4-4.2.mga5 from quagga-0.99.22.4-4.2.mga5.src.rpm
Assignee: makowski.mageia => qa-bugsWhiteboard: MGA5TOO => MGA5TOO has_procedure
Procedure: https://bugs.mageia.org/show_bug.cgi?id=6512#c1
Thanks Philippe! When fixing in Cauldron and Mageia 5 and assigning to QA, please also remember to set the version to 5 and remove MGA5TOO from the whiteboard.
Version: Cauldron => 5Whiteboard: MGA5TOO has_procedure => has_procedure
Testing on x86_64. Had tested it before on another bug. Started a few services. $ sudo watchquagga -d zebra bgpd ospfd ospf6d ripd $ tail -40 /var/log/syslog ................... May 5 10:01:09 vega watchquagga[11287]: watchquagga 0.99.22.4 watching [zebra bgpd ospfd ospf6d ripd], mode [monitor] May 5 10:01:09 vega watchquagga[11287]: ospf6d state -> up : connect succeeded May 5 10:01:09 vega watchquagga[11287]: ripd state -> up : connect succeeded May 5 10:01:09 vega watchquagga[11287]: ospfd state -> up : connect succeeded May 5 10:01:09 vega watchquagga[11287]: zebra state -> up : connect succeeded May 5 10:01:10 vega watchquagga[11287]: bgpd state -> up : connect succeeded Stopped ospf6d and checked syslog. May 5 10:02:45 vega watchquagga[11287]: ospf6d state -> down : read returned EOF $ systemctl status ospf6d â ospf6d.service - OSPF routing daemon for IPv6 Loaded: loaded (/usr/lib/systemd/system/ospf6d.service; enabled) Active: inactive (dead) since Thu 2016-05-05 10:02:45 BST; 16min ago Docs: man:ospfd(8) man:zebra(8) Main PID: 10613 (code=exited, status=0/SUCCESS) $ sudo netstat -tapnl | grep ':260' > quagga.netlog $ cat quagga.netlog tcp 0 0 0.0.0.0:2601 0.0.0.0:* LISTEN 10556/zebra tcp 0 0 0.0.0.0:2602 0.0.0.0:* LISTEN 10590/ripd tcp 0 0 0.0.0.0:2603 0.0.0.0:* LISTEN 10636/ripngd tcp 0 0 0.0.0.0:2604 0.0.0.0:* LISTEN 10659/ospfd tcp 0 0 0.0.0.0:2605 0.0.0.0:* LISTEN 10682/bgpd tcp6 0 0 :::2601 :::* LISTEN 10556/zebra tcp6 0 0 :::2602 :::* LISTEN 10590/ripd tcp6 0 0 :::2603 :::* LISTEN 10636/ripngd tcp6 0 0 :::2604 :::* LISTEN 10659/ospfd tcp6 0 0 :::2605 :::* LISTEN 10682/bgpd [ Logged in to zebra $ telnet localhost 2601 Tried ? and list to show commands Router> show version Quagga 0.99.22.4 (Router). Copyright 1996-2005 Kunihiro Ishiguro, et al. Router> show history list show history show version Router> show ip mroute Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, A - Babel, > - selected route, * - FIB route C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.1.0/24 is directly connected, enp3s0 Tried the ipv6 services: $ telnet ::1 2605 bgpd> who vty[13] connected from ::1. bgpd> exit $ telnet ::1 2604 ospfd> show ip ospf route ============ OSPF network routing table ============ N 192.168.1.0/24 [10] area: 0.0.0.0 directly attached to enp3s0 ospfd> exit Started ospf6d. $ tail -320 /var/log/syslog | grep ospf6 May 5 11:09:23 vega watchquagga[11287]: ospf6d state -> up : connect succeeded $ telnet localhost 2606 ospf6d@plant# show ip access-list OSPF6: Zebra IP access list access4 permit 127.0.0.1/32 ospf6d@plant# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 255.1.1.1 Running 00:18:38 Number of AS scoped LSAs is 0 Number of areas in this router is 1 Area 0.0.0.0 Number of Area scoped LSAs is 0 Interface attached to this area: fxp0 CGroup: /system.slice/ospf6d.service ââ5878 /usr/sbin/ospf6d -d This all looks fine.
CC: (none) => tarazed25
Whiteboard: has_procedure => has_procedure MGA5-64-OK
Validating
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure MGA5-64-OK => has_procedure advisory MGA5-64-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0165.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/686580/