drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in quagga
Name: |
Pufferüberlauf in quagga |
|
ID: |
MDVSA-2013:254 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Business Server 1.0 |
|
Datum: |
Fr, 18. Oktober 2013, 16:06 |
|
Referenzen: |
http://advisories.mageia.org/MGASA-2013-0310.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236 |
|
Applikationen: |
quagga |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1382096005-2618-9
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:254 http://www.mandriva.com/en/support/security/ _______________________________________________________________________
Package : quagga Date : October 18, 2013 Affected: Business Server 1.0 _______________________________________________________________________
Problem Description:
Updated quagga packages fix security vulnerability: Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236). Note: We have worked around this vulnerability by disabling the ospf_api and ospfclient features, which did not provide useful functionality. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236 http://advisories.mageia.org/MGASA-2013-0310.html _______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64: 8c751a0311cd7654f4899300144e7351 mbs1/x86_64/lib64quagga0-0.99.20.1-4.2.mbs1.x86_64.rpm 08329e6630d02e97286a2f9fe8177129 mbs1/x86_64/lib64quagga-devel-0.99.20.1-4.2.mbs1.x86_64.rpm e922a4b95ff082292b0df477645004f7 mbs1/x86_64/quagga-0.99.20.1-4.2.mbs1.x86_64.rpm 05d43b0bdadb568ea8709f041abb7174 mbs1/x86_64/quagga-contrib-0.99.20.1-4.2.mbs1.x86_64.rpm 91fc66bff311ceb33412289f8b82490a mbs1/SRPMS/quagga-0.99.20.1-4.2.mbs1.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSYPHfmqjQ0CJFipgRAkwaAJ9BgB7d6huH9HAWGfg4s36vUGRa8gCdGZiK dePmJUp5/a9aqwXhOyo5CEM= =5I4o -----END PGP SIGNATURE-----
------------=_1382096005-2618-9 Content-Type: text/plain; charset="UTF-8"; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://store.mandriva.com _______________________________________________________
------------=_1382096005-2618-9--
|
|
|
|