drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in quagga
Name: |
Mehrere Probleme in quagga |
|
ID: |
DSA-4115-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Fr, 16. Februar 2018, 07:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5380 |
|
Applikationen: |
quagga |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4115-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 15, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : quagga CVE ID : CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2018-5378
It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attribute length is invalid. A configured BGP peer can take advantage of this bug to read memory from the bgpd process or cause a denial of service (daemon crash).
https://www.quagga.net/security/Quagga-2018-0543.txt
CVE-2018-5379
It was discovered that the Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes, resulting in a denial of service (bgpd daemon crash).
https://www.quagga.net/security/Quagga-2018-1114.txt
CVE-2018-5380
It was discovered that the Quagga BGP daemon, bgpd, does not properly handle internal BGP code-to-string conversion tables.
https://www.quagga.net/security/Quagga-2018-1550.txt
CVE-2018-5381
It was discovered that the Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid OPEN message by a configured peer. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
We recommend that you upgrade your quagga packages.
For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU cKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK MGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY ETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G 3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA fuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI 9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83 9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP /jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE aUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn dSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg= =Gy8j -----END PGP SIGNATURE-----
|
|
|
|