quagga-0.99.22.4-5.el7

Errata ID: AXSA:2018-2582:01

Release date: Thursday, March 1, 2018 - 18:37
Subject: quagga-0.99.22.4-5.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.

Security Fix(es):

* quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message, allowing a crash or potentially arbitrary code execution (CVE-2018-5379)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the Quagga project for reporting this issue.

CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free
memory when processing certain forms of UPDATE message, containing
cluster-list and/or unknown attributes. A successful attack could
cause a denial of service or potentially allow an attacker to execute
arbitrary code.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. quagga-0.99.22.4-5.el7.src.rpm
    MD5: 32a68330ccc5ccfb5668ad049f5b8765
    SHA-256: 29716d2ddab38c6c7dd0899fed0772ed69577968fc85fa764ac0a593a8af498a
    Size: 1.56 MB

Asianux Server 7 for x86_64
  1. quagga-0.99.22.4-5.el7.x86_64.rpm
    MD5: 621361cc133c0f7050f68928c0717b68
    SHA-256: 71adbd98058a2cde17774cfa042daf6b59cd994c6b70074512fcdc8eb0e72842
    Size: 1.19 MB
  2. quagga-0.99.22.4-5.el7.i686.rpm
    MD5: ae0228d5370c393f9850f0b0f70dc216
    SHA-256: 02b4ec233dbf63b42235d257b3ad69ac0678e3ba199b14dbdeb3ad8b963af83c
    Size: 1.15 MB