Paketname
quagga
Datum
2011-04-01
Advisory ID
MDVSA-2011:058
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

Multiple vulnerabilities has been identified and fixed in quagga:

The extended-community parser in bgpd in Quagga before 0.99.18 allows
remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a malformed Extended Communities attribute
(CVE-2010-1674).

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial
of service (session reset) via a malformed AS_PATHLIMIT path attribute
(CVE-2010-1675).

Updated packages are available that bring Quagga to version 0.99.18
which provides numerous bugfixes over the previous 0.99.17 version,
and also corrects these issues.

Aktualisierte Pakete

CS4.0 x86_64

 130cac8e86e6bb41e8139ea53fb5bd35  corporate/4.0/x86_64/lib64quagga0-0.99.18-0.1.20060mlcs4.x86_64.rpm
 f7074a145d6742523470aadc450eeda2  corporate/4.0/x86_64/lib64quagga0-devel-0.99.18-0.1.20060mlcs4.x86_64.rpm
 d9e5ac8f09fc897d1f2fa113c4801b79  corporate/4.0/x86_64/quagga-0.99.18-0.1.20060mlcs4.x86_64.rpm
 1ca735918f1126b00b64e1433d2dc85d  corporate/4.0/x86_64/quagga-contrib-0.99.18-0.1.20060mlcs4.x86_64.rpm 
 64b55fea4af3b02837266cc9e5162841  corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm

CS4.0 i586

 87b588dee68e7b87d505e9d3953a279c  corporate/4.0/i586/libquagga0-0.99.18-0.1.20060mlcs4.i586.rpm
 818e4b52aca03cb083aec7486630964c  corporate/4.0/i586/libquagga0-devel-0.99.18-0.1.20060mlcs4.i586.rpm
 fb9f8c521a536d0b92cb8f070a80ad83  corporate/4.0/i586/quagga-0.99.18-0.1.20060mlcs4.i586.rpm
 b62e56494540a8dc9de806e59150d3f3  corporate/4.0/i586/quagga-contrib-0.99.18-0.1.20060mlcs4.i586.rpm 
 64b55fea4af3b02837266cc9e5162841  corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm

Referenzen