Advisories » MGASA-2017-0071

Updated quagga packages fix security vulnerability

Publication date: 03 Mar 2017
Modification date: 03 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5495

Description

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded
memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service
of Quagga daemons, or even the entire host (CVE-2017-5495).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20271
• https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NKP6QWJW7XWDE4O42UCR5L534GOHVIQN/
• https://www.cve.org/CVERecord?id=CVE-2017-5495

SRPMS

5/core

• quagga-0.99.22.4-4.4.mga5