Fedora Update Notification
2018-03-06 17:26:39.510841

Name        : quagga
Product     : Fedora 26
Version     : 1.2.2
Release     : 2.fc26
URL         : http://www.quagga.net
Summary     : Routing daemon
Description :
Quagga is free software that operates TCP/IP-based routing protocols. It takes
a multi-server and multi-threaded approach to resolving the current complexity
of the Internet.

Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2,
OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP.

Quagga is intended to be used as a Route Server and a Route Reflector. It is
not a toolkit; it provides full routing power under a new architecture.
Quagga by design has a process for each protocol.

Quagga is a fork of GNU Zebra.

Update Information:

Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing

  [ 1 ] Bug #1546008 - CVE-2018-5379 quagga: Double free vulnerability in bgpd 
when processing certain forms of UPDATE message allowing to crash or 
potentially execute arbitrary code [fedora-all]
  [ 2 ] Bug #1546006 - CVE-2018-5380 quagga: bgpd can overrun internal BGP 
code-to-string conversion tables potentially allowing crash [fedora-all]
  [ 3 ] Bug #1546004 - CVE-2018-5381 quagga: Infinite loop issue triggered by 
invalid OPEN message allows denial-of-service [fedora-all]
  [ 4 ] Bug #1546009 - CVE-2018-5378 quagga: bgpd does not properly bounds 
check the data sent with a NOTIFY allowing leak of sensitive data or crash 

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade quagga' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org

Reply via email to