Sicherheit: Denial of Service in quagga

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1241969609-27111-2991

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:109
http://www.mandriva.com/security/
_______________________________________________________________________

Package : quagga
Date : May 10, 2009
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error (CVE-2009-1572).

Updated packages are available that bring Quagga to version 0.99.12
which provides numerous bugfixes over the previous 0.99.9 version,
and also corrects this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
48c1d2504e08d2a26ac6ace2bc01124d
corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm
df93a452f47b8926f65a51231dd11f36
corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm
d2386e488423fbb81e44cb6dda4de9df
corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm
d4b9c5e2cec03ce49a76adcfe0e4a42e
corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm
15e76c29c25f7730eae72c18da15b772
corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
afc986d05e0bde73541f0cfe5b147d2c
corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm
4cc0bec07f2b919abeac75dc06d7f3c0
corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm
3d606fef235993483e9a448665e4e377
corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm
f549ced36115d6609ac835c5aca0863d
corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm
15e76c29c25f7730eae72c18da15b772
corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKBsjAmqjQ0CJFipgRAkoyAJ4o+uz6I6p3tycZQfB5GbqTsTL5TwCgjJHK
lIRHZW4+jB0P4UXMSyVUpxo=
=2fxe
-----END PGP SIGNATURE-----

------------=_1241969609-27111-2991
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1241969609-27111-2991--