CVE-2016-4036 Ubuntu Security Notification for Quagga Vulnerabilities (USN-3102-1)

It was discovered that Quagga incorrectly handled dumping data.

It was discovered that the Quagga package incorrectly set permissions on the configuration directory.

A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. (CVE-2016-4049)

A local user could use this issue to possibly obtain sensitive information. (CVE-2016-4036)

Refer to Ubuntu advisory USN-3102-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3102-1: 12.04 (Precise) on src (quagga)

USN-3102-1: 16.04 (Xenial) on src (quagga)

USN-3102-1: 14.04 (Kylin) on src (quagga)