Advisories » MGASA-2016-0165

Updated quagga packages fix CVE-2016-4049

Publication date: 05 May 2016
Modification date: 05 May 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-4049

Description

Updated quagga packages fix security vulnerability:

A denial of service vulnerability has been found in the BGP daemon
(bgpd) of the Quagga routing software. If the following conditions are
satisfied:

 - regular dumping is enabled
 - bgpd instance has many BGP peers

then BGP message packets that are big enough cause bgpd to crash.
It is quite common for both conditions to be satisfied.
Moreover, it is easy to craft a packet which is much "bigger" than a
typical packet, and such a crafted packet is much more likely to cause
the crash (CVE-2016-4049).
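
An added example, not part of the advisory or of Quagga itself: a check of a bgpd.conf for the two conditions listed above. It assumes that any active `dump bgp` directive counts as regular dumping; `many_peers` is a hypothetical threshold, since the advisory gives no number, and the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
! bgpd.conf (constructed sample)
router bgp 64512
 neighbor 192.0.2.1 remote-as 64513
 neighbor 192.0.2.2 remote-as 64514
 neighbor TRANSIT peer-group
 neighbor TRANSIT remote-as 64515
 neighbor 2001:db8::1 peer-group TRANSIT
! dump bgp updates /var/log/quagga/updates.dump
dump bgp routes-mrt /var/log/quagga/rib.dump 3600
"""

DUMP_RE = re.compile(r"^dump\s+bgp\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")
NEIGHBOR_RE = re.compile(r"^neighbor\s+(\S+)\s+(remote-as|peer-group)\b")


def audit_bgpd_conf(text):
    """Return (dump directives, set of peer addresses) found in bgpd.conf text."""
    dumps, peers = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#":      # blank line or comment
            continue
        m = DUMP_RE.match(line)               # "no dump bgp ..." does not match
        if m:
            dumps.append({"type": m.group(1), "path": m.group(2),
                          "interval": m.group(3)})
            continue
        m = NEIGHBOR_RE.match(line)
        if m:
            try:                              # peer-group names are not addresses
                peers.add(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass
    return dumps, peers


def preconditions_met(text, many_peers):
    """True when dumping is enabled and the peer count reaches many_peers
    (many_peers is an assumption: the advisory does not define "many")."""
    dumps, peers = audit_bgpd_conf(text)
    return bool(dumps) and len(peers) >= many_peers


if __name__ == "__main__":
    dumps, peers = audit_bgpd_conf(SAMPLE_CONF)
    print(f"dump directives: {dumps}")
    print(f"configured peers: {len(peers)}")
```

A host that reports both dumping and a large peer count is the configuration the advisory describes and should receive the updated quagga packages first.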

References

SRPMS

5/core