[ASA-201712-7] quagga: denial of service
Chris.Rebischke at archlinux.org
Thu Dec 14 00:42:56 UTC 2017
Arch Linux Security Advisory ASA-201712-7
Date : 2017-12-13
CVE-ID : CVE-2017-16227
Package : quagga
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-481
The package quagga before version 1.2.2-1 is vulnerable to denial of
Upgrade to 1.2.2-1.
# pacman -Syu "quagga>=1.2.2-1"
The problem has been fixed upstream in version 1.2.2.
A denial of service flaw was found in the way the bgpd daemon in quagga
before 1.2.2 handled the processing of large BGP update messages. A
remote, previously trusted attacker could potentially use this flaw to
cause bgpd to terminate existing BGP sessions, thereby leading to
denial of service.
A remote previously trusted attacker is able to crash quagga with a
maliciously crafted message.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security