Mandriva Linux Security Advisory 2011-058 - The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service via a malformed AS_PATHLIMIT path attribute. Updated packages are available that bring Quagga to version 0.99.18 which provides numerous bugfixes over the previous 0.99.17 version, and also corrects these issues.
d4c0f6cc4daa438fcc020c6831fdc5609a4890a1b60fb7729d8b61c7c0174599-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:058
http://www.mandriva.com/security/
_______________________________________________________________________
Package : quagga
Date : April 1, 2011
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been identified and fixed in quagga:
The extended-community parser in bgpd in Quagga before 0.99.18 allows
remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a malformed Extended Communities attribute
(CVE-2010-1674).
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial
of service (session reset) via a malformed AS_PATHLIMIT path attribute
(CVE-2010-1675).
Updated packages are available that bring Quagga to version 0.99.18
which provides numerous bugfixes over the previous 0.99.17 version,
and also corrects these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1675
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
87b588dee68e7b87d505e9d3953a279c corporate/4.0/i586/libquagga0-0.99.18-0.1.20060mlcs4.i586.rpm
818e4b52aca03cb083aec7486630964c corporate/4.0/i586/libquagga0-devel-0.99.18-0.1.20060mlcs4.i586.rpm
fb9f8c521a536d0b92cb8f070a80ad83 corporate/4.0/i586/quagga-0.99.18-0.1.20060mlcs4.i586.rpm
b62e56494540a8dc9de806e59150d3f3 corporate/4.0/i586/quagga-contrib-0.99.18-0.1.20060mlcs4.i586.rpm
64b55fea4af3b02837266cc9e5162841 corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
130cac8e86e6bb41e8139ea53fb5bd35 corporate/4.0/x86_64/lib64quagga0-0.99.18-0.1.20060mlcs4.x86_64.rpm
f7074a145d6742523470aadc450eeda2 corporate/4.0/x86_64/lib64quagga0-devel-0.99.18-0.1.20060mlcs4.x86_64.rpm
d9e5ac8f09fc897d1f2fa113c4801b79 corporate/4.0/x86_64/quagga-0.99.18-0.1.20060mlcs4.x86_64.rpm
1ca735918f1126b00b64e1433d2dc85d corporate/4.0/x86_64/quagga-contrib-0.99.18-0.1.20060mlcs4.x86_64.rpm
64b55fea4af3b02837266cc9e5162841 corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNlaQ7mqjQ0CJFipgRAriUAKDLNRGlMvPdbPkgp0Wd0pxGixIzWwCfc38Q
svx+sURyhhcmOWk06baNRFE=
=Ii2a
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed