Two vulnerabilities have been identified in the Quagga software package distributed with the Fedora 15 operating system. Quagga is software that manages routing protocols based on the TCP/IP model. Both flaws affect the bgpd daemon. A remote attacker can exploit either flaw to cause a denial of service (DoS). One can be triggered by sending a specially crafted BGP Extended Communities attribute, the other by sending a specially crafted AS-path attribute. All users are advised to upgrade to the latest version of the package.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3990
2011-03-24 06:53:00
--------------------------------------------------------------------------------

Name        : quagga
Product     : Fedora 15
Version     : 0.99.18
Release     : 2.fc15
URL         : http://www.quagga.net
Summary     : Routing daemon
Description :
Quagga is a free software that manages TCP/IP based routing
protocol. It takes multi-server and multi-thread approach to resolve
the current complexity of the Internet.

Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.

Quagga is intended to be used as a Route Server and a Route Reflector. It is
not a toolkit, it provides full routing power under a new architecture.
Quagga by design has a process for each protocol.

Quagga is a fork of GNU Zebra.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed
extended community attribute in a route
        https://bugzilla.redhat.com/show_bug.cgi?id=654603
  [ 2 ] Bug #654614 - CVE-2010-1675 quagga: BGP session reset by processing BGP
Update message with malformed AS-path attributes
        https://bugzilla.redhat.com/show_bug.cgi?id=654614
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update quagga' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
