Описание
ELSA-2007-0389: Moderate: quagga security update (MODERATE)
[0.98.3-2.4.0.1]
- rebuild and nvr fix
- resolves: #240481: CVE-2007-1995 Quagga bgpd DoS
[0.98.3-2.0.1]
- resolves: #240481: CVE-2007-1995 Quagga bgpd DoS
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
quagga
0.98.6-2.1.0.1.el5
quagga-contrib
0.98.6-2.1.0.1.el5
quagga-devel
0.98.6-2.1.0.1.el5
Oracle Linux i386
quagga
0.98.6-2.1.0.1.el5
quagga-contrib
0.98.6-2.1.0.1.el5
quagga-devel
0.98.6-2.1.0.1.el5
Связанные CVE
Связанные уязвимости
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.