Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0473-1

Опубликовано: 19 фев. 2018
Источник: suse-cvrf

Описание

Security update for quagga

This update for quagga fixes the following issues:

  • CVE-2017-16227: Fixed bgpd DoS via specially crafted BGP UPDATE messages (boo#1065641)
  • CVE-2018-5378: Fixed bgpd bounds check issue via attribute length (Quagga-2018-0543,boo#1079798)
  • CVE-2018-5379: Fixed bgpd double free when processing UPDATE message (Quagga-2018-1114,boo#1079799)
  • CVE-2018-5380: Fixed bgpd code-to-string conversion tables overrun (Quagga-2018-1550,boo#1079800)
  • CVE-2018-5381: Fixed bgpd infinite loop on certain invalid OPEN messages (Quagga-2018-1975,boo#1079801)

Список пакетов

openSUSE Leap 42.3
libfpm_pb0-1.1.1-18.3.1
libospf0-1.1.1-18.3.1
libospfapiclient0-1.1.1-18.3.1
libquagga_pb0-1.1.1-18.3.1
libzebra1-1.1.1-18.3.1
quagga-1.1.1-18.3.1
quagga-devel-1.1.1-18.3.1

Ссылки

Описание

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

Затронутые продукты
openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1
openSUSE Leap 42.3:libospf0-1.1.1-18.3.1
openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1
openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1
Ссылки

Описание

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Затронутые продукты
openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1
openSUSE Leap 42.3:libospf0-1.1.1-18.3.1
openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1
openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1
Ссылки

Описание

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

Затронутые продукты
openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1
openSUSE Leap 42.3:libospf0-1.1.1-18.3.1
openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1
openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1
Ссылки

Описание

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

Затронутые продукты
openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1
openSUSE Leap 42.3:libospf0-1.1.1-18.3.1
openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1
openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1
Ссылки

Описание

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

Затронутые продукты
openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1
openSUSE Leap 42.3:libospf0-1.1.1-18.3.1
openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1
openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1
Ссылки
Уязвимость openSUSE-SU-2018:0473-1