-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:058
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : quagga
 Date    : April 1, 2011
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in quagga:

 The extended-community parser in bgpd in Quagga before 0.99.18
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and application crash) via a malformed Extended Communities
 attribute (CVE-2010-1674).

 bgpd in Quagga before 0.99.18 allows remote attackers to cause a
 denial of service (session reset) via a malformed AS_PATHLIMIT path
 attribute (CVE-2010-1675).

 Updated packages are available that bring Quagga to version 0.99.18
 which provides numerous bugfixes over the previous 0.99.17 version,
 and also corrects these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1674
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1675
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 87b588dee68e7b87d505e9d3953a279c  corporate/4.0/i586/libquagga0-0.99.18-0.1.20060mlcs4.i586.rpm
 818e4b52aca03cb083aec7486630964c  corporate/4.0/i586/libquagga0-devel-0.99.18-0.1.20060mlcs4.i586.rpm
 fb9f8c521a536d0b92cb8f070a80ad83  corporate/4.0/i586/quagga-0.99.18-0.1.20060mlcs4.i586.rpm
 b62e56494540a8dc9de806e59150d3f3  corporate/4.0/i586/quagga-contrib-0.99.18-0.1.20060mlcs4.i586.rpm
 64b55fea4af3b02837266cc9e5162841  corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 130cac8e86e6bb41e8139ea53fb5bd35  corporate/4.0/x86_64/lib64quagga0-0.99.18-0.1.20060mlcs4.x86_64.rpm
 f7074a145d6742523470aadc450eeda2  corporate/4.0/x86_64/lib64quagga0-devel-0.99.18-0.1.20060mlcs4.x86_64.rpm
 d9e5ac8f09fc897d1f2fa113c4801b79  corporate/4.0/x86_64/quagga-0.99.18-0.1.20060mlcs4.x86_64.rpm
 1ca735918f1126b00b64e1433d2dc85d  corporate/4.0/x86_64/quagga-contrib-0.99.18-0.1.20060mlcs4.x86_64.rpm
 64b55fea4af3b02837266cc9e5162841  corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.
 You can obtain the GPG public key of the Mandriva Security Team by
 executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNlaQ7mqjQ0CJFipgRAriUAKDLNRGlMvPdbPkgp0Wd0pxGixIzWwCfc38Q
svx+sURyhhcmOWk06baNRFE=
=Ii2a
-----END PGP SIGNATURE-----