Описание
Security update for quagga
This update for quagga fixes the following security issue:
- CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family (bsc#970952).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
quagga-0.99.15-0.16.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
quagga-0.99.15-0.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4
quagga-0.99.15-0.16.1
quagga-devel-0.99.15-0.16.1
Ссылки
- Link for SUSE-SU-2016:0946-1
- E-Mail link for SUSE-SU-2016:0946-1
- SUSE Security Ratings
- SUSE Bug 970952
- SUSE CVE CVE-2016-2342 page
Описание
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:quagga-0.99.15-0.16.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:quagga-0.99.15-0.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:quagga-0.99.15-0.16.1
SUSE Linux Enterprise Software Development Kit 11 SP4:quagga-devel-0.99.15-0.16.1
Ссылки
- CVE-2016-2342
- SUSE Bug 970952