openSUSE-SU-2019:2178-1

Опубликовано: 24 сент. 2019

Источник: suse-cvrf

Описание

Security update for bird

This update for bird fixes the following issues:

CVE-2019-16159: Fixed a stack-based buffer overflow via administrative shutdown communication messages. (bnc#1150108)

Список пакетов

openSUSE Leap 15.1

bird-1.6.8-lp151.2.3.1

bird-common-1.6.8-lp151.2.3.1

bird-doc-1.6.8-lp151.2.3.1

bird6-1.6.8-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CLUOR4RFQMIGUD2RPDWXPJLESR3E5B2X/#CLUOR4RFQMIGUD2RPDWXPJLESR3E5B2X
E-Mail link for openSUSE-SU-2019:2178-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1150108
SUSE Bug 1150108
https://www.suse.com/security/cve/CVE-2019-16159/
SUSE CVE CVE-2019-16159 page

Описание

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

Затронутые продукты

openSUSE Leap 15.1:bird-1.6.8-lp151.2.3.1

openSUSE Leap 15.1:bird-common-1.6.8-lp151.2.3.1

openSUSE Leap 15.1:bird-doc-1.6.8-lp151.2.3.1

openSUSE Leap 15.1:bird6-1.6.8-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-16159.html
CVE-2019-16159
https://bugzilla.suse.com/1150108
SUSE Bug 1150108

openSUSE-SU-2019:2178-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-16159

Описание

Затронутые продукты

Ссылки