Stay Secure with the Latest Linux Advisories

security advisorybuffer overflowDoS issue

Fedora 24: FEDORA-2016-cae6456f63 Critical: Quagga Buffer Overflow

This update addresses multiple security problems and fixes systemd dependencies.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-cae6456f63 2016-11-03 19:08:13.239273 -------------------------------------------------------------------------------- Name : quagga Product : Fedora 24 Version : 0.99.24.1 Release : 4.fc24 URL : Summary : Routing daemon Description : Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit; it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. -------------------------------------------------------------------------------- Update Information: This update addresses multiple security problems and fixes systemd dependencies. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387654 - quagga daemons should pull in network.target into the boot transaction https://bugzilla.redhat.com/show_bug.cgi?id=1387654 [ 2 ] Bug #1386110 - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1386110 [ 3 ] Bug #1331373 - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1331373 [ 4 ] Bug #1316572 - CVE-2016-2342 quagga: VPNv4 NLRI parses memcpys to stack on unchecked length [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1316572 -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade quagga' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 24 patches Quagga to address multiple security flaws and systemd requirements, correcting vital routing issues.. Fedora Quagga Security, Buffer Overflow Quagga, DoS Quagga, Routing Daemon Security. . Severity: Critical. LinuxSecurity.com Team

Nov 03, 2016 •Critical Fedora