Bugzilla – Bug 770619
VUL-1 : quagga: /etc/quagga and its contents are world-readable despite containing passwords
Last modified: 2017-05-11 00:45:42 UTC
See above. Isn't it a vulnerability? Reproducible: Always
BTW, that's the case in every openSUSE version known by me, and even in SLES 11 (SP 1)!!!
/etc/quagga/zebra.conf is still 644 and contains passwords
Let's tag, so we might have it better on the radar.
bugbot adjusting priority
reassign to current maintainer
Fix implemented. Now building some test setup to see whether it (and the update to the recent upstream release) works as expected.
This is an autogenerated message for OBS integration:
This bug (770619) was mentioned in
https://build.opensuse.org/request/show/382809 13.2 / quagga
https://build.opensuse.org/request/show/382812 42.1 / quagga
Fix tested and sent to all repos.
SUSE-SU-2016:0953-1: An update that contains security fixes can now be installed.
Category: security (low)
Bug References: 770619
CVE References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): quagga-0.99.22.1-9.1
SUSE Linux Enterprise Software Development Kit 12 (src): quagga-0.99.22.1-9.1
SUSE Linux Enterprise Server 12-SP1 (src): quagga-0.99.22.1-9.1
SUSE Linux Enterprise Server 12 (src): quagga-0.99.22.1-9.1
SUSE-SU-2016:0954-1: An update that contains security fixes can now be installed.
Category: security (low)
Bug References: 770619
CVE References:
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): quagga-0.99.15-0.21.1
SUSE Linux Enterprise Server 11-SP4 (src): quagga-0.99.15-0.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): quagga-0.99.15-0.21.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-04-25. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62624
openSUSE-SU-2016:1030-1: An update that contains security fixes can now be installed.
Category: security (moderate)
Bug References: 770619
CVE References:
Sources used:
openSUSE Leap 42.1 (src): quagga-0.99.24.1-8.1
openSUSE 13.2 (src): quagga-0.99.23-2.6.1
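
A check for the condition this bug reports (files under /etc/quagga that are world-readable and contain passwords), as an added example that is not part of the bug thread or of the SUSE fix. The function name `audit_quagga_conf`, the `password` / `enable password` directive pattern and the sample files are assumptions of the example; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: flag Quagga config files that are readable by "other"
# and carry a "password" / "enable password" directive.

# Matches lines such as "password zebra" or " enable password 8 <hash>".
PW_RE='^[[:space:]]*(enable[[:space:]]+)?password[[:space:]]+[^[:space:]]'

# audit_quagga_conf [DIR]: print offending files, return 1 if any were found.
audit_quagga_conf() {
    dir=${1:-/etc/quagga}
    # -perm -004: mode includes the other-read bit (e.g. 644, 664, 755).
    # find exits non-zero when grep finds nothing, hence the "|| true".
    hits=$(find "$dir" -type f -perm -004 \
        -exec grep -lE "$PW_RE" {} + 2>/dev/null) || true
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree (not real configuration) so the check runs offline.
demo_dir=$(mktemp -d)
printf 'hostname r1\npassword zebra\nenable password zebra\n' > "$demo_dir/zebra.conf"
printf 'hostname r1\npassword zebra\n' > "$demo_dir/ospfd.conf"
printf '! no credentials here\nhostname r1\n' > "$demo_dir/vtysh.conf"
chmod 644 "$demo_dir/zebra.conf" "$demo_dir/vtysh.conf"   # the mode reported in this bug
chmod 640 "$demo_dir/ospfd.conf"                          # no other-read bit

if audit_quagga_conf "$demo_dir"; then
    echo "no world-readable files with password directives"
else
    echo "^ world-readable and contains a password directive"
fi
rm -rf "$demo_dir"
```

Run it against the real directory with `audit_quagga_conf /etc/quagga`; which owner, group and mode to set instead is a local policy choice the thread does not specify.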