Описание
Security update for quagga
This update for quagga fixes the following security issue:
- CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952).
Список пакетов
SUSE Linux Enterprise Server 12
quagga-0.99.22.1-5.1
SUSE Linux Enterprise Server 12 SP1
quagga-0.99.22.1-5.1
SUSE Linux Enterprise Server for SAP Applications 12
quagga-0.99.22.1-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
quagga-0.99.22.1-5.1
SUSE Linux Enterprise Software Development Kit 12
quagga-devel-0.99.22.1-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1
quagga-devel-0.99.22.1-5.1
Ссылки
- Link for SUSE-SU-2016:0936-1
- E-Mail link for SUSE-SU-2016:0936-1
- SUSE Security Ratings
- SUSE Bug 970952
- SUSE CVE CVE-2016-2342 page
Описание
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1:quagga-0.99.22.1-5.1
SUSE Linux Enterprise Server 12:quagga-0.99.22.1-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:quagga-0.99.22.1-5.1
SUSE Linux Enterprise Server for SAP Applications 12:quagga-0.99.22.1-5.1
Ссылки
- CVE-2016-2342
- SUSE Bug 970952