Paketname
quagga
Datum
2009-05-10
Advisory ID
MDVSA-2009:109
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error (CVE-2009-1572).

Updated packages are available that bring Quagga to version 0.99.12
which provides numerous bugfixes over the previous 0.99.9 version,
and also corrects this issue.

Aktualisierte Pakete

CS4.0 x86_64

 afc986d05e0bde73541f0cfe5b147d2c  corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm
 4cc0bec07f2b919abeac75dc06d7f3c0  corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm
 3d606fef235993483e9a448665e4e377  corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm
 f549ced36115d6609ac835c5aca0863d  corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm 
 15e76c29c25f7730eae72c18da15b772  corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm

CS4.0 i586

 48c1d2504e08d2a26ac6ace2bc01124d  corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm
 df93a452f47b8926f65a51231dd11f36  corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm
 d2386e488423fbb81e44cb6dda4de9df  corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm
 d4b9c5e2cec03ce49a76adcfe0e4a42e  corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm 
 15e76c29c25f7730eae72c18da15b772  corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm

Referenzen