SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1316-1 Rating: important References: #634300 #654270 #718056 #718058 #718059 #718061 #718062 Cross-References: CVE-2010-1674 CVE-2010-1675 CVE-2010-2948 CVE-2010-2949 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 Affected Products: SUSE Linux Enterprise Server 10 SP2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update fixes the following security issues: * 634300: buffer overflow and null deref * 654270: Malformed extended communities and AS_PATHLIMIT DoS * 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa (CVE-2011-3323) * 718058: OSPF6D DoS while decoding Database Description packet (CVE-2011-3324) * 718059: OSPFD DoS while decoding Hello packet (CVE-2011-3325) * 718061: OSPFD DoS while decoding Link State Update (CVE-2011-3326) * 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga's BGP (CVE-2011-3327) Security Issue references: * CVE-2011-3323 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3323
* CVE-2011-3324 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3324
* CVE-2011-3325 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3325
* CVE-2011-3326 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3326
* CVE-2011-3327 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3327
* CVE-2010-1674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1674
* CVE-2010-1675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1675
* CVE-2010-2948 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948
* CVE-2010-2949 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949
Package List: - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64): quagga-0.99.9-14.7.5.1 quagga-devel-0.99.9-14.7.5.1 References: http://support.novell.com/security/cve/CVE-2010-1674.html http://support.novell.com/security/cve/CVE-2010-1675.html http://support.novell.com/security/cve/CVE-2010-2948.html http://support.novell.com/security/cve/CVE-2010-2949.html http://support.novell.com/security/cve/CVE-2011-3323.html http://support.novell.com/security/cve/CVE-2011-3324.html http://support.novell.com/security/cve/CVE-2011-3325.html http://support.novell.com/security/cve/CVE-2011-3326.html http://support.novell.com/security/cve/CVE-2011-3327.html https://bugzilla.novell.com/634300 https://bugzilla.novell.com/654270 https://bugzilla.novell.com/718056 https://bugzilla.novell.com/718058 https://bugzilla.novell.com/718059 https://bugzilla.novell.com/718061 https://bugzilla.novell.com/718062 http://download.novell.com/patch/finder/?keywords=6a2ce9a129c2bd0589ccd9eea1... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org