Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-0794

Опубликовано: 27 мар. 2017
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2017-0794: quagga security and bug fix update (MODERATE)

[0.99.15-14]

  • Resolves: #1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory

[0.99.15-13]

  • fix path of ripd pid file (#842308)

[0.99.15-12]

  • fix start() function in watchqugga initscript (#862826, #1208617)

[0.99.15-11]

  • fix for CVE-2013-2236 (#1391918)
  • fix for CVE-2016-1245 (#1391914)
  • fix for CVE-2016-2342 (#1391916)
  • fix for CVE-2016-4049 (#1391919)

[0.99.15-11]

  • ospf6d: Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config (#770731)

[0.99.15-10]

  • add watchquagga initscript (#862826, #1208617)
  • remove pidfile when service is stopped (#842308)
  • use QCONFDIR correctly in initscripts (#839620)
  • include watchquagga and ospfclient manpages (#674862)

[0.99.15-9]

  • improve fix for CVE-2011-3325

[0.99.15-8]

  • fix CVE-2011-3323
  • fix CVE-2011-3324
  • fix CVE-2011-3325
  • fix CVE-2011-3326
  • fix CVE-2011-3327
  • fix CVE-2012-0255
  • fix CVE-2012-0249 and CVE-2012-0250
  • fix CVE-2012-1820

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

quagga

0.99.15-14.el6

quagga-contrib

0.99.15-14.el6

quagga-devel

0.99.15-14.el6

Oracle Linux i686

quagga

0.99.15-14.el6

quagga-contrib

0.99.15-14.el6

quagga-devel

0.99.15-14.el6

Связанные CVE

CVE-2016-1245
CVE-2017-5495
CVE-2016-4049
CVE-2013-2236
CVE-2016-2342

Ссылки на источники

Связанные уязвимости

suse-cvrf логотип

SUSE-SU-2017:2294-1

suse-cvrf
около 8 лет назад

Security update for quagga

ubuntu логотип

CVE-2016-1245

CVSS3: 9.8
ubuntu
больше 8 лет назад

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

redhat логотип

CVE-2016-1245

CVSS3: 5.3
redhat
около 9 лет назад

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

nvd логотип

CVE-2016-1245

CVSS3: 9.8
nvd
больше 8 лет назад

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

debian логотип

CVE-2016-1245

CVSS3: 9.8
debian
больше 8 лет назад

It was discovered that the zebra daemon in Quagga before 1.0.20161017 ...