Commit - rpms/quagga - ba3a7a25ca3f61236d8074b3309ee822f77b3a77

    Fix CVE-2018-5379, CVE-2018-5380, CVE-2018-5381, CVE-2018-5378
    
    Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing
      certain forms of UPDATE message allowing to crash or potentially execute
      arbitrary code
    Resolves: rhbz#1546008
    
    Fixed CVE-2018-5380 - bgpd can overrun internal BGP code-to-string
      conversion tables potentially allowing crash
    Resolves: rhbz#1546006
    
    Fixed CVE-2018-5381 - Infinite loop issue triggered by invalid OPEN message
      allows denial-of-service
    Resolves: rhbz#1546004
    
    Fixed CVE-2018-5378 - bgpd does not properly bounds check the data sent with
      a NOTIFY allowing leak of sensitive data or crash
    Resolves: rhbz#1546009

0001-bgpd-security-Fix-double-free-of-unknown-attribute.patch

file added

+110

0001-bgpd-security-debug-print-of-received-NOTIFY-data-ca.patch

file added

+112

0001-bgpd-security-fix-infinite-loop-on-certain-invalid-O.patch

file added

+41

0001-bgpd-security-invalid-attr-length-sends-NOTIFY-with-.patch

file added

+67

quagga.spec

file modified

+25 -1

rpms / quagga

Source Code

ba3a7a2 Fix CVE-2018-5379, CVE-2018-5380, CVE-2018-5381, CVE-2018-5378

Authored and Committed by olysonek 6 years ago

`ba3a7a2` Fix CVE-2018-5379, CVE-2018-5380, CVE-2018-5381, CVE-2018-5378