Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2017:2294-1 Important: Quagga DoS And Stack Overrun Issues

suse
Calendar Grey August 29, 2017
Dist Suse Esm H88
SUSE Security Update for OpenSSH tackles critical vulnerabilities. Discover the latest security improvements and patches now available.
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...

Summary

This update provides Quagga 1.1.1, which brings several fixes and enhancements. Security issues fixed: - CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory allocation. (bsc#1021669) - CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258) Bug fixes: - Do not enable zebra's TCP interface (port 2600) to use default UNIX socket for communication between the daemons. (fate#323170) Between 0.99.22.1 and 1.1.1 the following improvements have been implemented: - Changed the default of 'link-detect' state, controlling whether zebra will respond to link-state events and consider an interface to be down when link is down. To retain the current behavior save your config before updating, otherwise remove the 'link-detect' flag from your

References

#1005258 #1021669 #1034273

Cross- CVE-2016-1245 CVE-2017-5495

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2

https://www.suse.com/security/cve/CVE-2016-1245.html

https://www.suse.com/security/cve/CVE-2017-5495.html

https://bugzilla.suse.com/1005258

https://bugzilla.suse.com/1021669

https://bugzilla.suse.com/1034273

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2294-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.