Home / vulnerabilitiesPDF  

Mandriva Linux Security Advisory 2013-122

Posted on 12 April 2013
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:122
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : quagga
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated quagga package fixes security vulnerability:

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier
allows remote attackers to cause a denial of service (assertion failure
and daemon exit) by leveraging a BGP peering relationship and sending
a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN
message (CVE-2012-1820).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0133
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
ccff198235c967974cf3fbd36357d74b mbs1/x86_64/lib64quagga0-0.99.20.1-4.1.mbs1.x86_64.rpm
2f39ea9b9dc6d43d2c5d6f4a52f03199 mbs1/x86_64/lib64quagga-devel-0.99.20.1-4.1.mbs1.x86_64.rpm
47e58bf9ed528f49b5fc949ee97e3a61 mbs1/x86_64/quagga-0.99.20.1-4.1.mbs1.x86_64.rpm
8631379a83fbe4414c6a6eed168a3eab mbs1/x86_64/quagga-contrib-0.99.20.1-4.1.mbs1.x86_64.rpm
692575a51b91902aafd594dc1a628660 mbs1/SRPMS/quagga-0.99.20.1-4.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZVKPmqjQ0CJFipgRAqDBAJ0UIibF/CxlkQs84SH9L+LNCFGixgCdGQ8Z
6nfdWJt00X05gt1q7uQci/U=
=nomv
-----END PGP SIGNATURE-----

 

TOP

Malware :

Exploits :