Re: [SECURITY] [DSA 2497-1] quagga security update

To: debian-security@lists.debian.org, debian-security-announce@lists.debian.org
Subject: Re: [SECURITY] [DSA 2497-1] quagga security update
From: Ulrich Neumann <mail4ulrich@gmail.com>
Date: Thu, 21 Jun 2012 21:55:59 +0200
Message-id: <[🔎] ec0v066hhsjl5goi058p6g6q.1340308559269@email.android.com>


Florian Weimer <fw@deneb.enyo.de> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- -------------------------------------------------------------------------
>Debian Security Advisory DSA-2497-1                   security@debian.org
>http://www.debian.org/security/                            Florian Weimer
>June 20, 2012                          http://www.debian.org/security/faq
>- -------------------------------------------------------------------------
>
>Package        : quagga
>Vulnerability  : denial of service
>Problem type   : remote
>Debian-specific: no
>CVE ID         : CVE-2012-1820
>Debian Bug     : 676510
>
>It was discovered that Quagga, a routing daemon, contains a
>vulnerability in processing the ORF capability in BGP OPEN messages.
>A malformed OPEN message from a previously configured BGP peer could
>cause bgpd to crash, causing a denial of service.
>
>For the stable distribution (squeeze), this problem has been fixed in
>version 0.99.20.1-0+squeeze3.
>
>For the testing distribution (wheezy) and the unstable distribution
>(sid), this problem has been fixed in version 0.99.21-3.
>
>We recommend that you upgrade your quagga packages.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: debian-security-announce@lists.debian.org
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.10 (GNU/Linux)
>
>iQEcBAEBAgAGBQJP4jbDAAoJEL97/wQC1SS+e/4H/RRE5sgSw7+KkJ18+Q154WYC
>706P/mzoSqtu4fBzr5AkSfOb+qnNctSue9bY01gjy1uHZmdQEqmnmFeJgp/1SR1i
>l4O3HqzSj4pXy6oQ3lWmUX0fnOcEGShmP+RKWbCE4Nzdihg2ysZmeW/BmBq0GNJH
>aJY6jeYKvuE2dmLUF+RxEIAxA5SH1/HNwgCHJso0W1Oq11rAjb6nf886FTYX4acM
>aD8JkcX133h9siUwCFS/gqalDW0trQDnhgsviqydi5BBg86ya4Z9TM9EHyoaaRm4
>actQLdN2HGgJJyhXKR7fZamx8zAfIBVtGslzLJxy23X2l6sQ6huJz6j5FmtLHtM=
>=oUK0
>-----END PGP SIGNATURE-----
>
>
>-- 
>To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>Archive: http://lists.debian.org/87hau5d8vi.fsf@mid.deneb.enyo.de
>

Reply to:

Prev by Date: How to manage CVE
Next by Date: Service Facturation : Fermeture pour congés du 06/08 au 17/08/2012
Previous by thread: Re: How to manage CVE
Next by thread: Service Facturation : Fermeture pour congés du 06/08 au 17/08/2012
Index(es):
- Date
- Thread