Security update for quagga SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0473-1 Final 1 1 2018-02-19T09:12:07Z current 2018-02-19T09:12:07Z 2018-02-19T09:12:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for quagga This update for quagga fixes the following issues: - CVE-2017-16227: Fixed bgpd DoS via specially crafted BGP UPDATE messages (boo#1065641) - CVE-2018-5378: Fixed bgpd bounds check issue via attribute length (Quagga-2018-0543,boo#1079798) - CVE-2018-5379: Fixed bgpd double free when processing UPDATE message (Quagga-2018-1114,boo#1079799) - CVE-2018-5380: Fixed bgpd code-to-string conversion tables overrun (Quagga-2018-1550,boo#1079800) - CVE-2018-5381: Fixed bgpd infinite loop on certain invalid OPEN messages (Quagga-2018-1975,boo#1079801) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00037.html E-Mail link for openSUSE-SU-2018:0473-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libfpm_pb0-1.1.1-18.3.1 libospf0-1.1.1-18.3.1 libospfapiclient0-1.1.1-18.3.1 libquagga_pb0-1.1.1-18.3.1 libzebra1-1.1.1-18.3.1 quagga-1.1.1-18.3.1 quagga-devel-1.1.1-18.3.1 libfpm_pb0-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 libospf0-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 libospfapiclient0-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 libquagga_pb0-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 libzebra1-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 quagga-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 quagga-devel-1.1.1-18.3.1 as a component of openSUSE Leap 42.3 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. CVE-2017-16227 openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libospf0-1.1.1-18.3.1 openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1 openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libzebra1-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-devel-1.1.1-18.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00037.html https://www.suse.com/security/cve/CVE-2017-16227.html CVE-2017-16227 https://bugzilla.suse.com/1065641 SUSE Bug 1065641 The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. CVE-2018-5378 openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libospf0-1.1.1-18.3.1 openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1 openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libzebra1-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-devel-1.1.1-18.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00037.html https://www.suse.com/security/cve/CVE-2018-5378.html CVE-2018-5378 https://bugzilla.suse.com/1079798 SUSE Bug 1079798 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. CVE-2018-5379 openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libospf0-1.1.1-18.3.1 openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1 openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libzebra1-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-devel-1.1.1-18.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00037.html https://www.suse.com/security/cve/CVE-2018-5379.html CVE-2018-5379 https://bugzilla.suse.com/1079799 SUSE Bug 1079799 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. CVE-2018-5380 openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libospf0-1.1.1-18.3.1 openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1 openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libzebra1-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-devel-1.1.1-18.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00037.html https://www.suse.com/security/cve/CVE-2018-5380.html CVE-2018-5380 https://bugzilla.suse.com/1079800 SUSE Bug 1079800 The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. CVE-2018-5381 openSUSE Leap 42.3:libfpm_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libospf0-1.1.1-18.3.1 openSUSE Leap 42.3:libospfapiclient0-1.1.1-18.3.1 openSUSE Leap 42.3:libquagga_pb0-1.1.1-18.3.1 openSUSE Leap 42.3:libzebra1-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-1.1.1-18.3.1 openSUSE Leap 42.3:quagga-devel-1.1.1-18.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00037.html https://www.suse.com/security/cve/CVE-2018-5381.html CVE-2018-5381 https://bugzilla.suse.com/1079801 SUSE Bug 1079801