United States : 
Unknown Browser
www.ltdw.net 
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2009:109 ] quagga
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2009:109 ] quagga
| [Security Announce] [ MDVSA-2009:109 ] quagga |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Jeudi, 14 Mai 2009 14:39 |
|
_______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:109 http://www.mandriva.com/security/ _______________________________________________________________________ Package : quagga Date : May 10, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error (CVE-2009-1572). Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572 _______________________________________________________________________ Updated Packages: Corporate 4.0: 48c1d2504e08d2a26ac6ace2bc01124d corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm df93a452f47b8926f65a51231dd11f36 corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm d2386e488423fbb81e44cb6dda4de9df corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm d4b9c5e2cec03ce49a76adcfe0e4a42e corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: afc986d05e0bde73541f0cfe5b147d2c corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm 4cc0bec07f2b919abeac75dc06d7f3c0 corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm 3d606fef235993483e9a448665e4e377 corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm f549ced36115d6609ac835c5aca0863d corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ 
|