Updated quagga packages fix security vulnerability
Publication date: 19 Nov 2017Modification date: 19 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-16227
Description
The bgpd daemon in the Quagga routing suite does not properly calculate
the length of multi-segment AS_PATH UPDATE messages, causing bgpd to
drop a session and potentially resulting in loss of network connectivity
(CVE-2017-16227).
References
- https://bugs.mageia.org/show_bug.cgi?id=21967
- http://openwall.com/lists/oss-security/2017/10/30/4
- https://www.debian.org/security/2017/dsa-4011
- https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
- http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16227
SRPMS
5/core
- quagga-0.99.22.4-4.5.mga5
6/core
- quagga-0.99.24.1-6.1.mga6