Mandriva Linux Security Advisory 2013-122 - The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering capability TLV in an OPEN message.
a11d5de4264422bd1678721a17075a12eb70630d8621527a727b57c10af89492-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:122
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : quagga
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated quagga package fixes security vulnerability:
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier
allows remote attackers to cause a denial of service (assertion failure
and daemon exit) by leveraging a BGP peering relationship and sending
a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN
message (CVE-2012-1820).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0133
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
ccff198235c967974cf3fbd36357d74b mbs1/x86_64/lib64quagga0-0.99.20.1-4.1.mbs1.x86_64.rpm
2f39ea9b9dc6d43d2c5d6f4a52f03199 mbs1/x86_64/lib64quagga-devel-0.99.20.1-4.1.mbs1.x86_64.rpm
47e58bf9ed528f49b5fc949ee97e3a61 mbs1/x86_64/quagga-0.99.20.1-4.1.mbs1.x86_64.rpm
8631379a83fbe4414c6a6eed168a3eab mbs1/x86_64/quagga-contrib-0.99.20.1-4.1.mbs1.x86_64.rpm
692575a51b91902aafd594dc1a628660 mbs1/SRPMS/quagga-0.99.20.1-4.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZVKPmqjQ0CJFipgRAqDBAJ0UIibF/CxlkQs84SH9L+LNCFGixgCdGQ8Z
6nfdWJt00X05gt1q7uQci/U=
=nomv
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed