Updated quagga packages fix security vulnerability
Publication date: 03 Mar 2017Modification date: 03 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5495
Description
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host (CVE-2017-5495).
References
- https://bugs.mageia.org/show_bug.cgi?id=20271
- https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NKP6QWJW7XWDE4O42UCR5L534GOHVIQN/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5495
SRPMS
5/core
- quagga-0.99.22.4-4.4.mga5