Описание
ELSA-2018-0377: quagga security update (IMPORTANT)
[0.99.22.4-5]
- Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
- Resolves: rhbz#1546015
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
quagga
0.99.22.4-5.el7_4
quagga-contrib
0.99.22.4-5.el7_4
quagga-devel
0.99.22.4-5.el7_4
Oracle Linux x86_64
quagga
0.99.22.4-5.el7_4
quagga-contrib
0.99.22.4-5.el7_4
quagga-devel
0.99.22.4-5.el7_4
Связанные CVE
Связанные уязвимости
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free me ...
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.