SUSE alert SUSE-SU-2011:1316-1 (quagga) [LWN.net]


From:
    	       opensuse-security@opensuse.org 
To:
    	       opensuse-security-announce@opensuse.org 
Subject:
    	       [security-announce] SUSE-SU-2011:1316-1: important: Security update for quagga 
Date:
    	       Mon, 12 Dec 2011 02:08:23 +0100 (CET)
Message-ID:
    	       <20111212010823.AB49932296@maintenance.suse.de>
Archive-link:
    	       Article, Thread
              
   SUSE Security Update: Security update for quagga
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1316-1
Rating:             important
References:         #634300 #654270 #718056 #718058 #718059 #718061 
                    #718062 
Cross-References:   CVE-2010-1674 CVE-2010-1675 CVE-2010-2948
                    CVE-2010-2949 CVE-2011-3323 CVE-2011-3324
                    CVE-2011-3325 CVE-2011-3326 CVE-2011-3327
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:


   This update fixes the following security issues:

   * 634300: buffer overflow and null deref
   * 654270: Malformed extended communities and
   AS_PATHLIMIT DoS
   * 718056: OSPF6D buffer overflow while decoding Link
   State Update with Inter Area Prefix Lsa (CVE-2011-3323)
   * 718058: OSPF6D DoS while decoding Database
   Description packet (CVE-2011-3324)
   * 718059: OSPFD DoS while decoding Hello packet
   (CVE-2011-3325)
   * 718061: OSPFD DoS while decoding Link State Update
   (CVE-2011-3326)
   * 718062: DoS while decoding EXTENDED_COMMUNITIES in
   Quagga's BGP (CVE-2011-3327)

   Security Issue references:

   * CVE-2011-3323
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3323
   >
   * CVE-2011-3324
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3324
   >
   * CVE-2011-3325
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3325
   >
   * CVE-2011-3326
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3326
   >
   * CVE-2011-3327
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3327
   >
   * CVE-2010-1674
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1674
   >
   * CVE-2010-1675
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1675
   >
   * CVE-2010-2948
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948
   >
   * CVE-2010-2949
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):

      quagga-0.99.9-14.7.5.1
      quagga-devel-0.99.9-14.7.5.1


References:

   http://support.novell.com/security/cve/CVE-2010-1674.html
   http://support.novell.com/security/cve/CVE-2010-1675.html
   http://support.novell.com/security/cve/CVE-2010-2948.html
   http://support.novell.com/security/cve/CVE-2010-2949.html
   http://support.novell.com/security/cve/CVE-2011-3323.html
   http://support.novell.com/security/cve/CVE-2011-3324.html
   http://support.novell.com/security/cve/CVE-2011-3325.html
   http://support.novell.com/security/cve/CVE-2011-3326.html
   http://support.novell.com/security/cve/CVE-2011-3327.html
   https://bugzilla.novell.com/634300
   https://bugzilla.novell.com/654270
   https://bugzilla.novell.com/718056
   https://bugzilla.novell.com/718058
   https://bugzilla.novell.com/718059
   https://bugzilla.novell.com/718061
   https://bugzilla.novell.com/718062
   http://download.novell.com/patch/finder/?keywords=6a2ce9a...

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
(Log in to post comments)