USN-775-1: Quagga vulnerability

Referenced CVEs: 



Ubuntu Security Notice USN-775-1 May 12, 2009
quagga vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
quagga 0.99.2-1ubuntu3.5

Ubuntu 8.04 LTS:
quagga 0.99.9-2ubuntu1.2

Ubuntu 8.10:
quagga 0.99.9-6ubuntu0.1

Ubuntu 9.04:
quagga 0.99.11-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the BGP service in Quagga did not correctly
handle certain AS paths containing 4-byte ASNs. An authenticated remote
attacker could exploit this flaw to cause bgpd to abort, leading to a
denial of service.