[Secure-testing-team] Bug#835223: quagga: CVE-2016-4036
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 23 16:28:51 UTC 2016
Source: quagga
Version: 0.99.23.1-1
Severity: important
Tags: security
Hi,
the following vulnerability was published for quagga.
CVE-2016-4036[0]:
| The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux
| Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which
| allows local users to obtain sensitive information by reading files in
| the directory.
Although the description from MITRE mentions openSUSE and SUSE Linux
Enterprise Server 11 SP explicitly, the issue affects the Debian
package in a similar way as well.
Filing the bug report to have it tracked in the BTS as well.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4036
Regards,
Salvatore
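
An added example, not part of the original report or of the Debian or Quagga packaging: a shell check an administrator could run to see whether /etc/quagga is exposed in the way the CVE description states. It assumes that any permission bit set for "other" on the directory or on the files below it counts as a finding; the function name `audit_other_access` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): report files and directories
# that users outside the owning user and group can read, write or enter.

# audit_other_access DIR
#   Prints "ls -ld" lines for every regular file or directory under DIR
#   (DIR included) that has any permission bit set for "other".
#   Returns 0 if nothing is exposed, 1 if findings exist, 2 on bad input.
audit_other_access() {
    aoa_dir=$1
    if [ ! -d "$aoa_dir" ]; then
        echo "audit_other_access: not a directory: $aoa_dir" >&2
        return 2
    fi
    # -perm -00N matches when that "other" bit is set; the three tests are
    # OR-ed so a single set bit is enough. Symlinks below DIR are skipped
    # because their own mode bits are not what access checks use.
    aoa_hits=$(find -H "$aoa_dir" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec ls -ld {} \; 2>/dev/null) || :
    if [ -n "$aoa_hits" ]; then
        printf '%s\n' "$aoa_hits"
        return 1
    fi
    return 0
}

# Typical use on a host with the package installed (path taken from the
# CVE description):
#   audit_other_access /etc/quagga || echo "review permissions"
```
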