| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1UPwNU-0004Us-9a@titan.mandriva.com> Date: Wed, 10 Apr 2013 16:52:00 +0200 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2013:122 ] quagga -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:122 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : quagga Date : April 10, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated quagga package fixes security vulnerability: The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message (CVE-2012-1820). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0133 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: ccff198235c967974cf3fbd36357d74b mbs1/x86_64/lib64quagga0-0.99.20.1-4.1.mbs1.x86_64.rpm 2f39ea9b9dc6d43d2c5d6f4a52f03199 mbs1/x86_64/lib64quagga-devel-0.99.20.1-4.1.mbs1.x86_64.rpm 47e58bf9ed528f49b5fc949ee97e3a61 mbs1/x86_64/quagga-0.99.20.1-4.1.mbs1.x86_64.rpm 8631379a83fbe4414c6a6eed168a3eab mbs1/x86_64/quagga-contrib-0.99.20.1-4.1.mbs1.x86_64.rpm 692575a51b91902aafd594dc1a628660 mbs1/SRPMS/quagga-0.99.20.1-4.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVKPmqjQ0CJFipgRAqDBAJ0UIibF/CxlkQs84SH9L+LNCFGixgCdGQ8Z 6nfdWJt00X05gt1q7uQci/U= =nomv -----END PGP SIGNATURE-----
Powered by blists - more mailing lists