Red Hat Local Security Checks : RedHat Update for quagga RHSA-2017:0794-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871784

Categoría: Red Hat Local Security Checks

Título: RedHat Update for quagga RHSA-2017:0794-01

Resumen: The remote host is missing an update for the 'quagga'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'quagga'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The quagga packages contain Quagga, the
free network-routing software suite that manages TCP/IP based protocols. Quagga
supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and
is intended to be used as a Route Server and Route Reflector.

Security Fix(es):

* A stack-based buffer overflow flaw was found in the way Quagga handled
IPv6 router advertisement messages. A remote attacker could use this flaw
to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)

* A stack-based buffer overflow flaw was found in the way the Quagga BGP
routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote
attacker could use this flaw to crash the bgpd daemon resulting in denial
of service. (CVE-2016-2342)

* A denial of service flaw was found in the Quagga BGP routing daemon
(bgpd). Under certain circumstances, a remote attacker could send a crafted
packet to crash the bgpd daemon resulting in denial of service.
(CVE-2016-4049)

* A denial of service flaw affecting various daemons in Quagga was found. A
remote attacker could use this flaw to cause the various Quagga daemons,
which expose their telnet interface, to crash. (CVE-2017-5495)

* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD
daemon handled LSA (link-state advertisement) packets. A remote attacker
could use this flaw to crash the ospfd daemon resulting in denial of
service. (CVE-2013-2236)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

Affected Software/OS:
quagga on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2236
BugTraq ID: 60955
http://www.securityfocus.com/bid/60955
Debian Security Information: DSA-2803 (Google Search)
http://www.debian.org/security/2013/dsa-2803
http://seclists.org/oss-sec/2013/q3/24
http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html
RedHat Security Advisories: RHSA-2017:0794
http://rhn.redhat.com/errata/RHSA-2017-0794.html
http://www.ubuntu.com/usn/USN-2941-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1245
BugTraq ID: 93775
http://www.securityfocus.com/bid/93775
Debian Security Information: DSA-3695 (Google Search)
https://www.debian.org/security/2016/dsa-3695
https://security.gentoo.org/glsa/201701-48
Common Vulnerability Exposure (CVE) ID: CVE-2016-2342
BugTraq ID: 84318
http://www.securityfocus.com/bid/84318
CERT/CC vulnerability note: VU#270232
http://www.kb.cert.org/vuls/id/270232
Debian Security Information: DSA-3532 (Google Search)
http://www.debian.org/security/2016/dsa-3532
https://security.gentoo.org/glsa/201610-03
SuSE Security Announcement: openSUSE-SU-2016:0863 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html
SuSE Security Announcement: openSUSE-SU-2016:0888 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4049
BugTraq ID: 88561
http://www.securityfocus.com/bid/88561
Debian Security Information: DSA-3654 (Google Search)
http://www.debian.org/security/2016/dsa-3654
http://www.openwall.com/lists/oss-security/2016/04/27/7
https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html
http://www.securitytracker.com/id/1035699
SuSE Security Announcement: openSUSE-SU-2016:1313 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5495
BugTraq ID: 95745
http://www.securityfocus.com/bid/95745
http://www.securitytracker.com/id/1037688

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871784
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for quagga RHSA-2017:0794-01
Resumen:	The remote host is missing an update for the 'quagga'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'quagga' package(s) announced via the referenced advisory. Vulnerability Insight: The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix(es): * A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245) * A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342) * A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049) * A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495) * A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section. Affected Software/OS: quagga on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2236 BugTraq ID: 60955 http://www.securityfocus.com/bid/60955 Debian Security Information: DSA-2803 (Google Search) http://www.debian.org/security/2013/dsa-2803 http://seclists.org/oss-sec/2013/q3/24 http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html RedHat Security Advisories: RHSA-2017:0794 http://rhn.redhat.com/errata/RHSA-2017-0794.html http://www.ubuntu.com/usn/USN-2941-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1245 BugTraq ID: 93775 http://www.securityfocus.com/bid/93775 Debian Security Information: DSA-3695 (Google Search) https://www.debian.org/security/2016/dsa-3695 https://security.gentoo.org/glsa/201701-48 Common Vulnerability Exposure (CVE) ID: CVE-2016-2342 BugTraq ID: 84318 http://www.securityfocus.com/bid/84318 CERT/CC vulnerability note: VU#270232 http://www.kb.cert.org/vuls/id/270232 Debian Security Information: DSA-3532 (Google Search) http://www.debian.org/security/2016/dsa-3532 https://security.gentoo.org/glsa/201610-03 SuSE Security Announcement: openSUSE-SU-2016:0863 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html SuSE Security Announcement: openSUSE-SU-2016:0888 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4049 BugTraq ID: 88561 http://www.securityfocus.com/bid/88561 Debian Security Information: DSA-3654 (Google Search) http://www.debian.org/security/2016/dsa-3654 http://www.openwall.com/lists/oss-security/2016/04/27/7 https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html http://www.securitytracker.com/id/1035699 SuSE Security Announcement: openSUSE-SU-2016:1313 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html Common Vulnerability Exposure (CVE) ID: CVE-2017-5495 BugTraq ID: 95745 http://www.securityfocus.com/bid/95745 http://www.securitytracker.com/id/1037688
Copyright	Copyright (C) 2017 Greenbone AG