Your message dated Sat, 18 Nov 2017 22:21:36 +0000
with message-id <e1egbuw-0006ps...@fasolo.debian.org>
and subject line Bug#879474: fixed in quagga 0.99.23.1-1+deb8u4
has caused the Debian Bug report #879474,
regarding quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
879474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: quagga-bgpd
Version: 1.1.1-3
Severity: important
Tags: security upstream

Dear Maintainer,

there is a longstanding bug in quagga where certain BGP update messages cause a quagga bgpd to drop a session, possibly resulting in loss of network connectivity.

Details: Long paths in update messages are segmented in BGP, and the bug is in the recalculation of the framing information if there are more than two segments. The resulting data is invalid but will be used for redistribution. At least if the receiver is another quagga bgpd, that message is rejected, eventually resulting in a BGP session termination. The receiver's log (if written) then contains an error message like

| BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total length is 2069. attr_endp is 0x562feb368121. endp is 0x562feb367d2c

So if a site's BGP peers all run quagga, that site will lose network connectivity due to frequent session termination. Additionally, the repeated initial full table transfer will result in a significantly bigger network load; I've seen around 1 MByte/sec/link, compared to usually less than 1 kbyte/sec/link.

Such extremely long AS paths have occurred in the global BGP table at least four times since June. Last time started on Oct 13th around 20:43 UTC and lasted until the following week.

All versions of quagga in Debian are affected.

How to fix: Kudos to Andreas Jaggi who identified the bug and provided a fix[1]. After some hours of work I was able to reproduce the issue and can confirm this patch resolves the issues for all versions of quagga in Debian (wheezy, jessie, stretch = buster = sid). Details about the setup are available upon request; it's just some stuff to write down.

In my opinion this is serious enough to justify a security upload. If stable security disagrees, please fix this in the next stable point release.

Regards,
Christoph

[1] https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
    http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
--- End Message ---
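The report above describes the failure in terms of sender-side framing: once a long path is split into several 255-ASN segments, the byte count the sending bgpd announces for the AS_PATH attribute no longer matches the bytes it actually emits, and the receiving bgpd's attribute parser rejects the UPDATE with the "type 2 length ... is too large, attribute total length is ..." check quoted in the log line. The C program below is an added example for this thread; it is not quagga's code and not the patch referenced in [1]. It encodes an AS_SEQUENCE into AS_PATH segments per RFC 4271 (segment type 2, one-octet segment count, at most 255 ASNs per segment) with four-octet ASNs per RFC 6793, taking the byte count from the same loop that writes the octets so it cannot drift however many segments the split produces; wraps the result in an AS_PATH attribute with the Extended Length flag; and runs a receiver-side framing check of the kind that produced the quoted message. The function names, the 600-ASN input (255 + 255 + 90, i.e. three segments, the "more than two" case the reporter names) and the private ASNs are constructed for illustration. The exact arithmetic slip in quagga's original size calculation is not reproduced, since the report does not spell it out; the example only shows why an announced length that disagrees with the emitted bytes is fatal at the peer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AS_SEQUENCE          2     /* RFC 4271 AS_PATH segment type */
#define AS_SEGMENT_MAX       255   /* segment length field is one octet */
#define BGP_ATTR_AS_PATH     2
#define BGP_ATTR_FLAG_TRANS  0x40
#define BGP_ATTR_FLAG_EXTLEN 0x10

/* Emit one AS_SEQUENCE of n four-octet ASNs (RFC 6793) as segments of at most
 * AS_SEGMENT_MAX ASNs.  Returns octets written, 0 if buf is too small.  The
 * count comes from the loop that writes the octets, so it cannot drift from
 * the wire data however many segments the split produces. */
size_t encode_as_path(const uint32_t *asns, size_t n, uint8_t *buf, size_t cap)
{
    size_t off = 0, done = 0;
    while (done < n) {
        size_t chunk = n - done;
        if (chunk > AS_SEGMENT_MAX) chunk = AS_SEGMENT_MAX;
        if (cap - off < 2 + 4 * chunk) return 0;
        buf[off++] = AS_SEQUENCE;
        buf[off++] = (uint8_t)chunk;            /* length in ASNs, not octets */
        for (size_t i = 0; i < chunk; i++, off += 4) {
            uint32_t as = asns[done + i];
            buf[off]     = (uint8_t)(as >> 24);
            buf[off + 1] = (uint8_t)(as >> 16);
            buf[off + 2] = (uint8_t)(as >> 8);
            buf[off + 3] = (uint8_t)as;
        }
        done += chunk;
    }
    return off;
}

/* Wrap the path in an AS_PATH path attribute (Extended Length flag set).  The
 * return value, header plus body, is what the sender must add into the
 * UPDATE's Total Path Attribute Length field. */
size_t put_as_path_attr(const uint32_t *asns, size_t n, uint8_t *out, size_t cap)
{
    if (cap < 4) return 0;
    size_t body = encode_as_path(asns, n, out + 4, cap - 4);
    if (body == 0 || body > 0xffff) return 0;
    out[0] = BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN;
    out[1] = BGP_ATTR_AS_PATH;
    out[2] = (uint8_t)(body >> 8);
    out[3] = (uint8_t)body;
    return 4 + body;
}

/* Receiver-side framing check over a Path Attributes field of total_len
 * octets: reject any attribute whose declared length runs past the field, the
 * condition behind the "type 2 length N is too large" log line in the report.
 * Returns the attribute count, or -1 with a message in err. */
int check_path_attrs(const uint8_t *attrs, size_t total_len, char *err, size_t errcap)
{
    size_t pos = 0; int count = 0;
    while (pos < total_len) {
        size_t left = total_len - pos;
        size_t hdr = (left >= 3 && (attrs[pos] & BGP_ATTR_FLAG_EXTLEN)) ? 4 : 3;
        if (left < hdr) {
            snprintf(err, errcap, "truncated attribute header at offset %zu", pos);
            return -1;
        }
        unsigned type = attrs[pos + 1];
        size_t len = hdr == 4 ? ((size_t)attrs[pos + 2] << 8) | attrs[pos + 3]
                              : attrs[pos + 2];
        if (left - hdr < len) {
            snprintf(err, errcap, "BGP type %u length %zu is too large, "
                     "attribute total length is %zu.", type, len, total_len);
            return -1;
        }
        pos += hdr + len;
        count++;
    }
    return count;
}

static uint32_t demo_asns[1024];  /* constructed input, not from the report */
static uint8_t  demo_buf[8192];
static char     demo_err[160];

/* Encode n consecutive private ASNs; returns the attribute size a correct
 * sender announces. */
size_t demo_attr_len(size_t n)
{
    if (n > sizeof demo_asns / sizeof demo_asns[0]) return 0;
    for (size_t i = 0; i < n; i++)
        demo_asns[i] = 64512 + (uint32_t)i;
    return put_as_path_attr(demo_asns, n, demo_buf, sizeof demo_buf);
}

/* Run the receiver check with claimed_total as the announced Total Path
 * Attribute Length; a sender that miscounts its segments lands here with
 * claimed_total != demo_attr_len(n). */
int demo_check(size_t n, size_t claimed_total)
{
    demo_err[0] = '\0';
    if (demo_attr_len(n) == 0 || claimed_total > sizeof demo_buf) return -1;
    return check_path_attrs(demo_buf, claimed_total, demo_err, sizeof demo_err);
}
const char *demo_last_error(void) { return demo_err; }
```

With 600 ASNs the attribute is 4 + 3*2 + 600*4 = 2410 octets; `demo_check(600, 2410)` accepts it, while announcing a total that is even five octets short makes `check_path_attrs` fail with "BGP type 2 length 2406 is too large, attribute total length is 2405." and, at a real peer, costs the session. Any sender-side size bookkeeping should be cross-checked against the octets actually written, exactly as `encode_as_path` does by returning its write offset rather than a separately computed sum.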
--- Begin Message ---
Source: quagga
Source-Version: 0.99.23.1-1+deb8u4

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Oct 2017 06:38:36 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: all source
Version: 0.99.23.1-1+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Christian Hammers <c...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 879474
Description:
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Changes:
 quagga (0.99.23.1-1+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * bgpd: Fix AS_PATH size calculation for long paths (CVE-2017-16227)
     (Closes: #879474)
Checksums-Sha1:
 7a5ccdd7208ba03181cea4a379d599f14245376a 2335 quagga_0.99.23.1-1+deb8u4.dsc
 5d2f4e1c0afee677e607c35ce42d26da37cff9e6 39536 quagga_0.99.23.1-1+deb8u4.debian.tar.xz
 01dfd91b08b445e3e46fe90dccfc9cee1cd494a7 907776 quagga-doc_0.99.23.1-1+deb8u4_all.deb
Checksums-Sha256:
 597a3623f5dda14bd27f278834c9e983c03dc7166f885b299fefffbc35db69e6 2335 quagga_0.99.23.1-1+deb8u4.dsc
 07d9fe87596388d2fef83227f4a8052c6dc59c5d01a11938ddd7b088b0797e3c 39536 quagga_0.99.23.1-1+deb8u4.debian.tar.xz
 1a630bf150dac87f2f6f854bfc1b136f1a5bcdf112b5e6513dacffc6fc53e538 907776 quagga-doc_0.99.23.1-1+deb8u4_all.deb
Files:
 f0cc19c40d299e53b81721bb4e207079 2335 net optional quagga_0.99.23.1-1+deb8u4.dsc
 88ede271e6b4f65210864568b9356a69 39536 net optional quagga_0.99.23.1-1+deb8u4.debian.tar.xz
 371a0817c51592ad91187ebbdba6eb2e 907776 net optional quagga-doc_0.99.23.1-1+deb8u4_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAln2171fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ErJYP/1nDZTKlczF/vgPq7VYe7kFKweaJRz6u
L8rOoU4LvbB6nPw1zlEtxku+iTPiGex3vmv1guZvsytPAlUKAAxPTnp4j8CGJOiP
uM38Jh6gfrGAb1vs8rN3R5+S/B+tbjyt+UBn0ZFOiceyCBjmYxLfrvwNJL6CQA2M
F2pVhGplk9u01ALxr0L1j/UvWwwo+x1lv3gJesSvWgI/1VGvT0387pPGICizE6YH
xsGCGwukLlIXCAj96272e2/u5tRBzz3+bKfIpTIZErZMfh2MYF+GKpKWMi4U5a8m
G2KbMyU76ml2+xYDxlcsHXX0cBV07+R5zZiPhkwCkExBwhgtvZyfkmEkvvUpuRZV
T0Vg43L9ID321jyuHHvR89X56YdtRfcoex8ZOl1CQzVwtiNZRZDeYtfHn6TrzcWY
aaSV8y7eXBTqQYhRLho2OVwhLSsoCBodpZYLa9vxBzSrv/2Gx+iCjSxyvyrnZiLr
eedy1BaCz3zpGxMdl/WU3g/aSjZa0aXdxAoAguyla8N1euayg/pJMRU7MOZolt12
LIrTzMS/kirMK9Ps0vpkFqaT+YX9M1urM5uqL7pNkL/BkWAQ1k22JqQCfbFk66mj
Q33rTTqtJk8MzyKBjjwrblxp7hj7VE8SMqHAPBKeSRgG8l7Qyxyp85I2EdsqTquw
pmbIkx9aXn7c
=gxbM
-----END PGP SIGNATURE-----
--- End Message ---