quagga security and bug fix update

2017-03-2700:00:00

linux.oracle.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.286 Low

EPSS

Percentile

96.4%

JSON

[0.99.15-14]

Resolves: #1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory
[0.99.15-13]
fix path of ripd pid file (#842308)
[0.99.15-12]
fix start() function in watchqugga initscript (#862826, #1208617)
[0.99.15-11]
fix for CVE-2013-2236 (#1391918)
fix for CVE-2016-1245 (#1391914)
fix for CVE-2016-2342 (#1391916)
fix for CVE-2016-4049 (#1391919)
[0.99.15-11]
ospf6d: Fix crash when ‘[no] ipv6 ospf6 advertise prefix-list’ is in startup-config (#770731)
[0.99.15-10]
add watchquagga initscript (#862826, #1208617)
remove pidfile when service is stopped (#842308)
use QCONFDIR correctly in initscripts (#839620)
include watchquagga and ospfclient manpages (#674862)
[0.99.15-9]
improve fix for CVE-2011-3325
[0.99.15-8]
fix CVE-2011-3323
fix CVE-2011-3324
fix CVE-2011-3325
fix CVE-2011-3326
fix CVE-2011-3327
fix CVE-2012-0255
fix CVE-2012-0249 and CVE-2012-0250
fix CVE-2012-1820

OSVersionArchitecturePackageVersionFilename
oracle linux6srcquagga< 0.99.15-14.el6quagga-0.99.15-14.el6.src.rpm
oracle linux6i686quagga< 0.99.15-14.el6quagga-0.99.15-14.el6.i686.rpm
oracle linux6i686quagga-contrib< 0.99.15-14.el6quagga-contrib-0.99.15-14.el6.i686.rpm
oracle linux6i686quagga-devel< 0.99.15-14.el6quagga-devel-0.99.15-14.el6.i686.rpm
oracle linux6srcquagga< 0.99.15-14.el6quagga-0.99.15-14.el6.src.rpm
oracle linux6x86_64quagga< 0.99.15-14.el6quagga-0.99.15-14.el6.x86_64.rpm
oracle linux6x86_64quagga-contrib< 0.99.15-14.el6quagga-contrib-0.99.15-14.el6.x86_64.rpm
oracle linux6i686quagga-devel< 0.99.15-14.el6quagga-devel-0.99.15-14.el6.i686.rpm
oracle linux6x86_64quagga-devel< 0.99.15-14.el6quagga-devel-0.99.15-14.el6.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	6	src	quagga	< 0.99.15-14.el6	quagga-0.99.15-14.el6.src.rpm
oracle linux	6	i686	quagga	< 0.99.15-14.el6	quagga-0.99.15-14.el6.i686.rpm
oracle linux	6	i686	quagga-contrib	< 0.99.15-14.el6	quagga-contrib-0.99.15-14.el6.i686.rpm
oracle linux	6	i686	quagga-devel	< 0.99.15-14.el6	quagga-devel-0.99.15-14.el6.i686.rpm
oracle linux	6	src	quagga	< 0.99.15-14.el6	quagga-0.99.15-14.el6.src.rpm
oracle linux	6	x86_64	quagga	< 0.99.15-14.el6	quagga-0.99.15-14.el6.x86_64.rpm
oracle linux	6	x86_64	quagga-contrib	< 0.99.15-14.el6	quagga-contrib-0.99.15-14.el6.x86_64.rpm
oracle linux	6	i686	quagga-devel	< 0.99.15-14.el6	quagga-devel-0.99.15-14.el6.i686.rpm
oracle linux	6	x86_64	quagga-devel	< 0.99.15-14.el6	quagga-devel-0.99.15-14.el6.x86_64.rpm