Updated quagga packages fix security vulnerability
Publication date: 22 Feb 2018Modification date: 22 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5379 , CVE-2018-5380 , CVE-2018-5381
Description
This is an update to fix several security issues.
1. CVE-2018-5379: Fix double free of unknown attribute
2. CVE-2018-5380: debug print of received NOTIFY data can over-read msg array
3. CVE-2018-5381: fix infinite loop on certain invalid OPEN messages
References
- https://bugs.mageia.org/show_bug.cgi?id=22610
- https://www.debian.org/security/2018/dsa-4115
- https://nvd.nist.gov/vuln/detail/CVE-2018-5379
- https://nvd.nist.gov/vuln/detail/CVE-2018-5380
- https://nvd.nist.gov/vuln/detail/CVE-2018-5381
- https://www.quagga.net/security/Quagga-2018-1114.txt
- https://www.quagga.net/security/Quagga-2018-1550.txt
- https://www.quagga.net/security/Quagga-2018-1975.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5379
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5380
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5381
SRPMS
6/core
- quagga-0.99.24.1-6.1.mga6